Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1525192
MD5: 5c3cf2541c758d3f50a08a65b6e2abe3
SHA1: b303df0dfeaf5e9d012f8c8857b1a72fd6530c17
SHA256: a1e825d314c9c21a051645e9edc8c3311bbae6b12721bfeb868dcad02ddc0411
Tags: exe, user-Bitsight

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7700 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5C3CF2541C758D3F50A08A65B6E2ABE3)
    • taskkill.exe (PID: 7744 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7872 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8052 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 8060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7344 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3144 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 5940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 9172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4572 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 9180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: file.exe | ReversingLabs: Detection: 13%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.10:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.10:49762 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_00BBDBBE
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B8C2A2 FindFirstFileExW,1_2_00B8C2A2
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC68EE FindFirstFileW,FindClose,1_2_00BC68EE
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_00BC698F
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00BBD076
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00BBD3A9
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00BC9642
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00BC979D
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00BC9B2B
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC5C97 FindFirstFileW,FindNextFileW,FindClose,1_2_00BC5C97
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BCCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,1_2_00BCCE44
Source: global traffic | HTTP traffic detected: GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1Host: youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1Host: www.youtube.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1410101907&timestamp=1727981175312 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=j-qwZ8WBmj0LjVYhyNu2BccejTJhr9A4MvK_W-CNEXu1DTrPBIe6mp2tG2Ldn7f74IeFtJbVo-RHMnCjCeg5Izw1K1ZkU425gp4O4y85HIk5CtIswVhlIkji7LfhTPUt2uRRUNNelQSm_qR98I1g07dIXGYmzHihDxvOUQvzPszHfne6_g
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pCDAy6F2aV+PyEZ&MD=xDX9xu4B HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pCDAy6F2aV+PyEZ&MD=xDX9xu4B HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: chromecache_113.20.dr | String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: youtube.com
Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: unknown | HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chromecache_113.20.dr | String found in binary or memory: https://accounts.google.com
Source: chromecache_113.20.dr | String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: file.exe, 00000001.00000003.2518952338.0000000001603000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/
Source: file.exe, 00000001.00000003.2519251564.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2519003485.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2519341138.0000000001601000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pw
Source: file.exe, 00000001.00000002.2520527050.00000000015C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1288437315.0000000001574000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_124.20.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_113.20.drString found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_113.20.drString found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_113.20.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_124.20.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_113.20.drString found in binary or memory: https://www.google.com
Source: chromecache_113.20.drString found in binary or memory: https://www.google.com/intl/
Source: chromecache_124.20.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_124.20.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_124.20.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_124.20.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_124.20.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_124.20.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_113.20.drString found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_113.20.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: chromecache_113.20.drString found in binary or memory: https://youtube.com/t/terms?gl=
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.10:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.10:49762 version: TLS 1.2
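Two things in this part of the report are easy to misread. The URL strings above all carry the source chromecache_113.20.dr or chromecache_124.20.dr, i.e. Chrome cache files dropped during the run, and they are Google account sign-in page assets; they are not strings from file.exe. The traffic entries carry the source "unknown" and are written one line per direction, so a single TLS session on an ephemeral client port can appear twice (49719 -> 443 and 443 -> 49719), and only four of those sessions have an HTTPS line that names the server IP and TLS version. The Python below is an added triage helper, not part of the Joe Sandbox report: it parses lines in this section's format (with or without the column separator), collapses the direction entries into one session per client port, and joins the HTTPS lines so the peers can be listed and the unattributed sessions counted. It assumes the higher of the two port numbers is the client side, which holds for the 49xxx -> 443 pairs here, and runs on a constructed subset of this section's lines embedded as sample input; like the report itself, it does not tie any session to a process.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a subset of this section's own traffic lines, re-typed.
REPORT_LINES = """\
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.10:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.10:49762 version: TLS 1.2
"""

# Tolerates both "Source: unknown | Network ..." and the fused "Source: unknownNetwork ..." form.
LINE_RE = re.compile(
    r"^Source:\s*(?P<src>\S+?)\s*\|?\s*"
    r"(?P<kind>Network traffic detected|HTTPS traffic detected):\s*(?P<detail>.*)$"
)
PORT_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
TLS_RE = re.compile(
    r"(?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<cip>[\d.]+):(?P<cport>\d+) version: (?P<ver>.+)$"
)


@dataclass
class Session:
    client_port: int
    server_port: int
    outbound: bool = False            # a "client -> server" entry was seen
    inbound: bool = False             # a "server -> client" entry was seen
    server_ip: Optional[str] = None   # only known when an HTTPS line exists
    tls_version: Optional[str] = None


def classify_ports(a: int, b: int):
    """Heuristic (assumption): the higher port is the ephemeral client port."""
    return (a, b) if a > b else (b, a)


def summarize(lines) -> Dict[int, Session]:
    """Collapse per-direction entries into one Session per client port and join TLS lines."""
    sessions: Dict[int, Session] = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        detail = m.group("detail")
        if m.group("kind") == "Network traffic detected":
            pm = PORT_RE.search(detail)
            if not pm:
                continue
            a, b = int(pm.group(1)), int(pm.group(2))
            cport, sport = classify_ports(a, b)
            s = sessions.setdefault(cport, Session(cport, sport))
            if a == cport:
                s.outbound = True
            else:
                s.inbound = True
        else:
            tm = TLS_RE.search(detail)
            if not tm:
                continue
            cport, sport = int(tm.group("cport")), int(tm.group("sport"))
            s = sessions.setdefault(cport, Session(cport, sport))
            s.server_ip = tm.group("sip")
            s.tls_version = tm.group("ver").strip()
    return sessions


def peers(sessions: Dict[int, Session]) -> Dict[str, List[int]]:
    """Group client ports by the server IP the HTTPS line revealed."""
    out: Dict[str, List[int]] = {}
    for s in sessions.values():
        if s.server_ip:
            out.setdefault(s.server_ip, []).append(s.client_port)
    return {ip: sorted(ports) for ip, ports in out.items()}


def unattributed(sessions: Dict[int, Session]) -> List[int]:
    """Client ports that have traffic entries but no HTTPS line naming the peer."""
    return sorted(p for p, s in sessions.items() if s.server_ip is None)


if __name__ == "__main__":
    sess = summarize(REPORT_LINES.splitlines())
    print(f"{len(sess)} sessions, peers: {peers(sess)}, no peer IP: {unattributed(sess)}")
```

Run against the full section rather than the embedded subset, the same functions give the figure that matters for triage: how many distinct sessions there were and how many of them can be tied to a server address at all. Anything without an HTTPS line has to be resolved from the PCAP, not from this list.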
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BCEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,1_2_00BCEAFF
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BCED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00BCED6A
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,1_2_00BBAA57
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BE9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,1_2_00BE9576
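The Code function entries above are the API call chains Joe Sandbox recovered from four functions in file.exe (one of them listed twice); the clipboard and keystroke signatures in the overview are derived from exactly these chains. The Python below is an added example, not the report's own detection logic: it parses the entries, deduplicates them by function address, and tags each chain by matching ordered API subsequences, so it is visible which APIs drive which verdict. The rules are my own and deliberately narrow. The clipboard rules key on GetClipboardData and SetClipboardData; DragQueryFileW after GetClipboardData is flagged separately because that API enumerates a CF_HDROP file list, so the function also reads dropped-file lists from the clipboard. The keystroke rule keys on SendInput. Repeated GetKeyState calls get their own tag plus a gui_handler marker, because 1_2_00BE9576 also calls DefDlgProcW, ImageList_BeginDrag and TrackPopupMenuEx, which is the shape of a list-view drag-and-drop and context-menu window procedure polling modifier keys, not of a keylogger; an analyst should weigh that entry accordingly. The sample input is this section's own entries, re-typed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: this section's Code function entries (the first one appears twice in the report).
_F1 = ("Source: C:\\Users\\user\\Desktop\\file.exe | Code function: 1_2_00BCEAFF OpenClipboard,"
       "IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,"
       "CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,"
       "IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,"
       "GlobalUnlock,CountClipboardFormats,CloseClipboard,1_2_00BCEAFF")
_F2 = ("Source: C:\\Users\\user\\Desktop\\file.exe | Code function: 1_2_00BCED6A OpenClipboard,EmptyClipboard,"
       "GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00BCED6A")
_F3 = ("Source: C:\\Users\\user\\Desktop\\file.exe | Code function: 1_2_00BBAA57 GetKeyboardState,"
       "SetKeyboardState,PostMessageW,SendInput,1_2_00BBAA57")
_F4 = ("Source: C:\\Users\\user\\Desktop\\file.exe | Code function: 1_2_00BE9576 DefDlgProcW,SendMessageW,"
       "GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,"
       "SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,"
       "ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,"
       "SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,"
       "ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,"
       "SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,1_2_00BE9576")
CODE_FUNCTION_LINES = [_F1, _F2, _F1, _F3, _F4]

# "Code function: <id> <api>,<api>,...,<id>" -- the function id is repeated at the end of the chain.
CODE_RE = re.compile(r"Code function:\s*(?P<fid>\S+)\s+(?P<chain>.*?),?\s*(?P=fid)\s*$")

# Ordered API subsequences (my own rules, not Joe Sandbox's) that characterise a capability.
CAPABILITY_RULES: Dict[str, Tuple[str, ...]] = {
    "clipboard_read":       ("OpenClipboard", "GetClipboardData"),
    "clipboard_write":      ("OpenClipboard", "EmptyClipboard", "SetClipboardData"),
    "clipboard_file_list":  ("GetClipboardData", "DragQueryFileW"),   # CF_HDROP enumeration
    "keystroke_injection":  ("SendInput",),
    "modifier_key_polling": ("GetKeyState", "GetKeyState"),           # at least two polls
}
# APIs that mark a chain as ordinary GUI plumbing (window proc, drag/drop, popup menus).
GUI_HANDLER_APIS = {"DefDlgProcW", "DefWindowProcW", "ImageList_BeginDrag", "TrackPopupMenuEx"}


def parse_chains(lines) -> Dict[str, List[str]]:
    """Map function id -> API list; a repeated entry for the same id is dropped."""
    chains: Dict[str, List[str]] = {}
    for raw in lines:
        m = CODE_RE.search(raw)
        if not m:
            continue
        apis = [a.strip() for a in m.group("chain").split(",") if a.strip()]
        chains.setdefault(m.group("fid"), apis)
    return chains


def is_subsequence(pattern: Tuple[str, ...], apis: List[str]) -> bool:
    """True if every API in pattern occurs in apis, in that order (gaps allowed)."""
    it = iter(apis)
    return all(any(api == want for api in it) for want in pattern)


def tag_function(apis: List[str]) -> Dict[str, object]:
    tags = sorted(name for name, pat in CAPABILITY_RULES.items() if is_subsequence(pat, apis))
    gui = any(api in GUI_HANDLER_APIS for api in apis)
    return {"tags": tags, "gui_handler": gui}


def tag_functions(lines) -> Dict[str, Dict[str, object]]:
    return {fid: tag_function(apis) for fid, apis in parse_chains(lines).items()}


if __name__ == "__main__":
    for fid, info in tag_functions(CODE_FUNCTION_LINES).items():
        print(fid, info)
```

Subsequence matching rather than set membership is what keeps the clipboard rules honest: a function that calls OpenClipboard only after SetClipboardData, or GetClipboardData with no OpenClipboard at all, is not the read or write pattern the signature names, and a rule written as "all of these APIs are present" would still fire on it.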

System Summary

Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: file.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBD5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BB1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B58060
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC2046
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BB8298
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B8E4FF
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B8676B
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BE4873
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B7CAA0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B5CAF0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B6CC39
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B86DD9
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B591C0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B6B119
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B71394
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B71706
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B7781B
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B719B0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B57920
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B6997D
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B77A4A
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B77CA7
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B71C77
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B89EEE
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BDBE44
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B71F32
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00B59CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00B70A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00B6F9F2 appears 40 times
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal64.evad.winEXE@54/36@12/8
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC37B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BB10BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BB16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BDA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B542A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6260:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7752:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7904:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8060:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7380:120:WilError_03
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe | ReversingLabs: Detection: 13%
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4572 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: Google Drive.lnk.18.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.18.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.18.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.18.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.18.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.18.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B70A76 push ecx; ret 1_2_00B70A89
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B6F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BE1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Source: C:\Users\user\Desktop\file.exe | Window / User API: threadDelayed 7071
Source: C:\Users\user\Desktop\file.exe | Window / User API: foregroundWindowGot 1774
Source: C:\Users\user\Desktop\file.exe | API coverage: 3.6 %
Source: C:\Users\user\Desktop\file.exe TID: 7704 | Thread sleep time: -70710s >= -30000s
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe | Thread sleep count: Count: 7071 delay: -10
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B8C2A2 FindFirstFileExW
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC68EE FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BBD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC5C97 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BCEAA2 BlockInput
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B82622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_00B542DE
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B74CE8 mov eax, dword ptr fs:[00000030h]1_2_00B74CE8
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BB0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,1_2_00BB0B62
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B82622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00B82622
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B7083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00B7083F
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B709D5 SetUnhandledExceptionFilter,1_2_00B709D5
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B70C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00B70C21
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BB1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,1_2_00BB1201
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B92BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,1_2_00B92BA5
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BBB226 SendInput,keybd_event,1_2_00BBB226
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BD22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,1_2_00BD22DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BB0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,1_2_00BB0B62
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BB1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,1_2_00BB1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe | Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B70698 cpuid
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BC8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BAD27A GetUserNameW
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B8B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00B542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BD1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00BD1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
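Two of the behaviours above are the ones a detection engineer would want to key on: the GetForegroundWindow/Sleep loop (a sleep count of 7071 with a delay of 10, which the report compares against a 30000 threshold, alongside 1774 foreground-window polls) and the five child processes that run taskkill /F /IM <browser> /T from the same parent. The Python below is an added example, not code from the Joe Sandbox report or from the sample: it parses constructed behaviour lines modelled on the report's wording (the sandbox's machine-readable export format is not assumed) and flags a sleep-loop evasion budget and a forced multi-browser kill sequence grouped by parent process. The line format, the 30000 threshold, the two-browser minimum and the browser image list are assumptions made for the example.

```python
import re

# Constructed sample lines modelled on the report's wording (assumption: the
# real sandbox export format may differ). The last line is benign noise: an
# interactive user killing one hung editor, which must not trigger the rule.
SAMPLE_LINES = [
    r"Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 7071",
    r"Source: C:\Users\user\Desktop\file.exe Window / User API: foregroundWindowGot 1774",
    r"Source: C:\Users\user\Desktop\file.exe Thread sleep count: Count: 7071 delay: -10",
    r"Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T",
    r"Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T",
    r"Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T",
    r"Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T",
    r"Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T",
    r"Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM notepad.exe",
]

SLEEP_RE = re.compile(r"Thread sleep count: Count: (\d+) delay: -?(\d+)")
FOREGROUND_RE = re.compile(r"foregroundWindowGot (\d+)")
PROC_RE = re.compile(r"^Source: (?P<parent>\S+) Process created: (?P<image>\S+) (?P<cmd>.+)$")
IMAGE_ARG_RE = re.compile(r"/IM\s+(\S+)", re.IGNORECASE)

# Assumed browser image names; extend for the estate being monitored.
BROWSER_IMAGES = frozenset({"chrome.exe", "msedge.exe", "firefox.exe", "opera.exe", "brave.exe"})
# Mirrors the comparison the report prints (sleep time >= 30000); the unit is
# whatever the report's delay field uses, so the value is kept unit-agnostic.
SLEEP_BUDGET_THRESHOLD = 30_000
MIN_BROWSERS_KILLED = 2


def sleep_budget(lines):
    """Sum count * delay over every 'Thread sleep count' line (sign dropped)."""
    total = 0
    for line in lines:
        m = SLEEP_RE.search(line)
        if m:
            total += int(m.group(1)) * int(m.group(2))
    return total


def foreground_polls(lines):
    """Total GetForegroundWindow polls reported, a user-presence check signal."""
    return sum(int(m.group(1)) for m in map(FOREGROUND_RE.search, lines) if m)


def forced_browser_kills(lines):
    """Return (parent, browser) for each taskkill /F aimed at a known browser."""
    hits = []
    for line in lines:
        m = PROC_RE.match(line)
        if not m or not m.group("image").lower().endswith("taskkill.exe"):
            continue
        tokens = m.group("cmd").lower().split()
        if "/f" not in tokens:  # only forced termination is interesting here
            continue
        im = IMAGE_ARG_RE.search(m.group("cmd"))
        if im and im.group(1).lower() in BROWSER_IMAGES:
            hits.append((m.group("parent"), im.group(1).lower()))
    return hits


def classify(lines):
    """Evaluate both rules and return a dict a SIEM alert could be built from."""
    by_parent = {}
    for parent, browser in forced_browser_kills(lines):
        by_parent.setdefault(parent, set()).add(browser)
    offenders = {p: sorted(b) for p, b in by_parent.items() if len(b) >= MIN_BROWSERS_KILLED}
    budget, polls = sleep_budget(lines), foreground_polls(lines)
    return {
        "sleep_budget": budget,
        "foreground_polls": polls,
        "sleep_loop_evasion": budget >= SLEEP_BUDGET_THRESHOLD and polls > 0,
        "browser_kill_sequence": offenders,
    }


if __name__ == "__main__":
    for key, value in classify(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

On live telemetry the browser-kill rule maps directly onto process-creation events (Sysmon Event ID 1 or Windows Security 4688) grouped by parent image within a short window; the single notepad.exe kill in the constructed input shows why the rule counts distinct browser images rather than firing on any taskkill.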
MITRE ATT&CK matrix (listed per tactic; a digit before a technique is the count shown in the report):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; 2 Valid Accounts; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 2 Process Injection; 1 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job; At
Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 2 Valid Accounts; 12 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 2 Process Injection
Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 2 System Time Discovery; 1 Account Discovery; 1 File and Directory Discovery; 16 System Information Discovery; 12 Security Software Discovery; 12 Virtualization/Sandbox Evasion; 3 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Archive Collected Data; 21 Input Capture; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 2 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph (rendered here as a process tree; bracketed numbers are the badge counts shown on the graph nodes)
Behavior Graph ID: 1525192 | Sample: file.exe | Start date: 03/10/2024 | Architecture: WINDOWS | Score: 64
Signatures at sample level: Multi AV Scanner detection for submitted file; Binary is likely a compiled AutoIt script file; Machine Learning detection for sample; AI detected suspicious sample
file.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection)
  chrome.exe [9] -> contacts 192.168.2.10 (ports 138, 443, 49432; ASN unknown, country unknown) and 239.255.255.250 (unknown, Reserved)
    chrome.exe -> contacts youtube-ui.l.google.com 142.250.181.238 (ports 443, 49712; GOOGLEUS, United States), 142.250.185.110 (ports 443, 49767, 49768; GOOGLEUS, United States), and 6 other IPs or domains
    chrome.exe
    chrome.exe [6]
  taskkill.exe [1] -> conhost.exe
  taskkill.exe [1] -> conhost.exe
  3 other processes -> conhost.exe, conhost.exe, conhost.exe

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample:
Source | Detection | Scanner
file.exe | 13% | ReversingLabs
file.exe | 100% | Joe Sandbox ML

Dropped Files: No Antivirus matches
Unpacked PE Files: No Antivirus matches
Domains: No Antivirus matches
URLs:
Source | Detection | Scanner | Label
https://play.google/intl/ | 0% | URL Reputation | safe
https://families.google.com/intl/ | 0% | URL Reputation | safe
https://policies.google.com/technologies/location-data | 0% | URL Reputation | safe
https://apis.google.com/js/api.js | 0% | URL Reputation | safe
https://policies.google.com/privacy/google-partners | 0% | URL Reputation | safe
https://policies.google.com/terms/service-specific | 0% | URL Reputation | safe
https://g.co/recover | 0% | URL Reputation | safe
https://policies.google.com/privacy/additional | 0% | URL Reputation | safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072 | 0% | URL Reputation | safe
https://policies.google.com/technologies/cookies | 0% | URL Reputation | safe
https://policies.google.com/terms | 0% | URL Reputation | safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= | 0% | URL Reputation | safe
https://support.google.com/accounts?hl= | 0% | URL Reputation | safe
https://policies.google.com/terms/location | 0% | URL Reputation | safe
https://policies.google.com/privacy | 0% | URL Reputation | safe
https://support.google.com/accounts?p=new-si-ui | 0% | URL Reputation | safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage | 0% | URL Reputation | safe
Domains:
Name | IP | Active | Malicious | Antivirus Detection | Reputation
youtube-ui.l.google.com | 142.250.181.238 | true | false | | unknown
www3.l.google.com | 142.250.185.174 | true | false | | unknown
play.google.com | 142.250.186.142 | true | false | | unknown
www.google.com | 216.58.212.132 | true | false | | unknown
youtube.com | 172.217.16.206 | true | false | | unknown
accounts.youtube.com | unknown | unknown | false | | unknown
www.youtube.com | unknown | unknown | false | | unknown
Contacted URLs:
Name | Malicious | Antivirus Detection | Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0 | false | | unknown
https://www.google.com/favicon.ico | false | | unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json | false | | unknown
URLs from Memory and Binaries:
Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google/intl/ | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://families.google.com/intl/ | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://youtube.com/t/terms?gl= | chromecache_113.20.dr | false | | unknown
https://policies.google.com/technologies/location-data | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://www.google.com/intl/ | chromecache_113.20.dr | false | | unknown
https://apis.google.com/js/api.js | chromecache_124.20.dr | false | URL Reputation: safe | unknown
https://policies.google.com/privacy/google-partners | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://play.google.com/work/enroll?identifier= | chromecache_113.20.dr | false | | unknown
https://policies.google.com/terms/service-specific | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://g.co/recover | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://policies.google.com/privacy/additional | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072 | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://policies.google.com/technologies/cookies | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://policies.google.com/terms | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= | chromecache_124.20.dr | false | URL Reputation: safe | unknown
https://www.google.com | chromecache_113.20.dr | false | | unknown
https://play.google.com/log?format=json&hasfast=true | chromecache_113.20.dr | false | | unknown
https://www.youtube.com/t/terms?chromeless=1&hl= | chromecache_113.20.dr | false | | unknown
https://support.google.com/accounts?hl= | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://policies.google.com/terms/location | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://policies.google.com/privacy | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://support.google.com/accounts?p=new-si-ui | chromecache_113.20.dr | false | URL Reputation: safe | unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage | chromecache_113.20.dr | false | URL Reputation: safe | unknown
Contacted Public IPs:
IP | Domain | Country | ASN | ASN Name | Malicious
216.58.212.132 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.16.206 | youtube.com | United States | 15169 | GOOGLEUS | false
142.250.185.110 | unknown | United States | 15169 | GOOGLEUS | false
142.250.181.238 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.174 | www3.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.142 | play.google.com | United States | 15169 | GOOGLEUS | false

Private IPs:
192.168.2.10
General Information

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525192
Start date and time: 2024-10-03 20:45:11 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal64.evad.winEXE@54/36@12/8
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 39
• Number of non-executed functions: 312
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.186.110, 64.233.184.84, 34.104.35.123, 216.58.212.170, 216.58.212.138, 142.250.184.234, 142.250.185.202, 142.250.185.170, 142.250.184.202, 142.250.186.170, 172.217.16.138, 142.250.181.234, 142.250.185.74, 142.250.186.42, 142.250.185.106, 172.217.18.10, 142.250.185.138, 216.58.206.42, 142.250.185.234, 142.250.185.163, 142.250.181.227, 142.250.186.106, 172.217.16.202, 142.250.186.138, 142.250.186.74, 199.232.214.172, 216.58.212.163, 142.250.110.84, 142.250.185.142
                                  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: file.exe
                                  No simulations
Context: IPs
Match | Associated Sample Name / URL | Detection | Threat Name
239.255.255.250 | https://auth-owlting.com/enterprise/core.js | malicious | Unknown
                                    https://www.salarytoolint.net/lam/c650d2e0-ca12-4bbd-8ff2-35011d35d0af/a717ea91-20df-42de-8c6b-2dc111827916/c05902dd-1112-4a4c-81f2-0bf48471902f/login?id=eHFCV2l4bzZWNDNkSEk1T2EvVTd3dkoyNlIxaUJuY3g1TWRhbmM2MlF4S01yN2FZOXVoV2F1TUloUFJzQWwvREl6cFB2SEpPbHdRUENta1E2UXM3MW10MllxU1N6eGZmUktOdWgwMG5IcnVNRlhpTkpMb1pzczZIK1NBaGdHd1J5V1BjeW4zbXU4enczMDRvekpNUHlEZEJxVkNqVjVZNU5HWnNVeEpKTjgvblZBMUVQbHUxL1FLcVhCcHV6RUtQeDluUFFqQXlNRWJKSjZRZGRtQ1VwbEpHQkE1VU1EZ2hxMnQzSWdMWGthWFhqZTVOVy9wUlRyaXJoMzd6eGV6N2p1YUMrVGxORzdwQTNZeExtbGNvUFZ4bU1zU2lUcnJhRDdMMVFLaWtDWUZoeVpvdWphTVFwa1ZobTkzVEdWSisvSEVxQk82blo5TEhSdmowcDhra2dJNzFZcW5ra1FtRlY4azV5MkVrQjdVaGtPZFpCNWdrN214dEZBV21BTlZEY3FteVVCTGNzYVBTZDNhNXVIeEl1VTdXZ2tpL2RiOVhWeEZPWHhsLzNia0h0NVpCdVI4TVYvVzZiUHpKZnp4VQGet hashmaliciousUnknownBrowse
239.255.255.250 | https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNx | malicious | HTMLPhisher
239.255.255.250 | https://www.calameo.com/read/0077804248b46bb5a7c19 | malicious | HtmlDropper
239.255.255.250 | http://usaf.gov.ss | malicious | Unknown
239.255.255.250 | file.exe | malicious | Credential Flusher
239.255.255.250 | https://livelovelead.coach/wp-admin/readme.html | malicious | Phisher
239.255.255.250 | https://secured.viewonlineportalshared.com/ | malicious | HtmlDropper, HTMLPhisher
239.255.255.250 | https://dsfghfdaregfdgshfgdfh.blob.core.windows.net/dsfghfdaregfdgshfgdfh/l1.html#9/372-16527/1270-243896-29108 | malicious | Phisher
239.255.255.250 | file.exe | malicious | Credential Flusher

Context: Domains
No context

Context: ASNs
No context
Context: JA3 Fingerprints
Match | Associated Sample Name / URL | Detection | Threat Name | Context (IPs)
28a2c9bd18a11de089ef85a160da29e4 | https://auth-owlting.com/enterprise/core.js | malicious | Unknown | 4.245.163.56, 184.28.90.27
                                                      https://www.salarytoolint.net/lam/c650d2e0-ca12-4bbd-8ff2-35011d35d0af/a717ea91-20df-42de-8c6b-2dc111827916/c05902dd-1112-4a4c-81f2-0bf48471902f/login?id=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 hashmaliciousUnknownBrowse
                                                      • 4.245.163.56
                                                      • 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNx | malicious | HTMLPhisher | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | https://www.calameo.com/read/0077804248b46bb5a7c19 | malicious | HtmlDropper | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | http://usaf.gov.ss | malicious | Unknown | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | Credential Flusher | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | https://livelovelead.coach/wp-admin/readme.html | malicious | Phisher | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | https://secured.viewonlineportalshared.com/ | malicious | HtmlDropper, HTMLPhisher | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | https://dsfghfdaregfdgshfgdfh.blob.core.windows.net/dsfghfdaregfdgshfgdfh/l1.html#9/372-16527/1270-243896-29108 | malicious | Phisher | 4.245.163.56, 184.28.90.27
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | Credential Flusher | 4.245.163.56, 184.28.90.27

Context: Dropped Files
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.987535977351098
Encrypted: false
SSDEEP: 48:8YDbdbTcvHHidAKZdA1uehwiZUklqeh1y+3:8YdQKyy
MD5: AA5E5FD4A998E103268F7415800CF8BA
SHA1: 5255B0635A5B0336F16969EEDDE280B4B3D680BA
SHA-256: E4FA3C3A66A726CF28C155B3A798224E089987E4D0BF122CA684299964C5FD22
SHA-512: F79245240C5DC7D5D6E391AD19D0CC11BEEA580ECECC446F5399D48E93C22E2070825FE802C814ED237EEA5EFDEBA185C5836D4DF7F6AFA131DAA32F859C3634
Malicious: false
                                                      Preview:L..................F.@.. ...$+.,....|.T.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.ICY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VCY.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VCY............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCY.....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............".Y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2675
                                                      Entropy (8bit):4.0041069569096495
                                                      Encrypted:false
                                                      SSDEEP:48:8TDbdbTcvHHidAKZdA1Heh/iZUkAQkqehiy+2:8TdQU9Qvy
                                                      MD5:A73541B63CA178AEC5BC65E9D9D723CC
                                                      SHA1:FBBF39310DF4935187EED8B815202216A1854537
                                                      SHA-256:3171F25EE16779DB43B5F6225F7C56E3EF6D3A920647DA96E6A0B244CAF12C2F
                                                      SHA-512:57A5DF958516E208292B3544EA0D6CC2CA072B4FE9716C2E1177E0F20EE8DF2616868595F11A403005DEB9851659A8237311964EC2396158534AEE7A886C5C4D
                                                      Malicious:false
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2689
                                                      Entropy (8bit):4.012145309858374
                                                      Encrypted:false
                                                      SSDEEP:48:8FDbdbTcbHHidAKZdA149eh7sFiZUkmgqeh7s8y+BX:8FdQ8ney
                                                      MD5:5F541EC07521AE747EB7422B2138C842
                                                      SHA1:376435C1C2F857873305E2120B28ABB2CC797EB0
                                                      SHA-256:81348125E8CF6DB31AA45B408C70735F0B46A4BF10F41C55B99731D2D0D9AE20
                                                      SHA-512:95DE3D37F4B4ECBE48564BA2B2EB7574C9CC7840F061B4AA9360F66D0BDC6EEB8FE6E2911D0779849432E3B8124619DEB396820098B734CC39465A4489D77FBE
                                                      Malicious:false
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2677
                                                      Entropy (8bit):3.999296762938444
                                                      Encrypted:false
                                                      SSDEEP:48:86DbdbTcvHHidAKZdA14ehDiZUkwqehWy+R:86dQPUy
                                                      MD5:AEB0B5DC5632C3C242AD9D2562B5086A
                                                      SHA1:618D749FE7379BDF56D42FDCFFDECB4520E803B8
                                                      SHA-256:CB36EF48BAEEB945E41A05C89E31A7E87E512DC94177CDC7DED494CA7544EC6F
                                                      SHA-512:33FB5B591960327AF69F787FBA3C079FDBF446616A08B24DFA3DEE7A7CBD33F79885CF632B761E606B642E03537A48F07C70742C243643660CA81A3A599BBF20
                                                      Malicious:false
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2677
                                                      Entropy (8bit):3.990217420759994
                                                      Encrypted:false
                                                      SSDEEP:48:8RDbdbTcvHHidAKZdA1mehBiZUk1W1qehYy+C:8RdQf94y
                                                      MD5:D4BF2FA9E7AF458156ED360B160F91C2
                                                      SHA1:A01A6A213E410154045E6B763D4D701D49B96666
                                                      SHA-256:CEE5F9D3EE148866766C5E6E000DEBDE48958B8B19EF6BDD6BF3E0E7081D4B76
                                                      SHA-512:F84FF48F938B047EE399AC5973E943A39AB9110BEA75F186A26C067ACA8193EAC468FE177AF388D0FEDEA8F94811B7CA7FEA1DB3F5B92D0B71E8183F909A72CE
                                                      Malicious:false
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:46:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2679
                                                      Entropy (8bit):3.9986038934401766
                                                      Encrypted:false
                                                      SSDEEP:48:8FDbdbTcvHHidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbey+yT+:8FdQ+TyTbxWOvTbey7T
                                                      MD5:C9BF81369D028728674C085752B511DE
                                                      SHA1:6BE83A71F4527B75620EEBCE9992BEE12ADB57A1
                                                      SHA-256:C3D6E7B6393C89E82C5977CFBE853657D45B9DD63E657C5D843D80BB6A43CD84
                                                      SHA-512:EC0DD720520F581AE538DF147A02842ECB1062BB11BEA231CF0E6A11FCCEB6498AE16F5670560E9D2BBEFC8FDB50ABFF6D53ED847C7E80D1E28F26D935CA9878
                                                      Malicious:false
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):84
                                                      Entropy (8bit):4.875266466142591
                                                      Encrypted:false
                                                      SSDEEP:3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
                                                      MD5:87B6333E98B7620EA1FF98D1A837A39E
                                                      SHA1:105DE6815B0885357DE1414BFC0D77FCC9E924EF
                                                      SHA-256:DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
                                                      SHA-512:867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
                                                      Malicious:false
                                                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                      Preview:Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (522)
                                                      Category:downloaded
                                                      Size (bytes):5050
                                                      Entropy (8bit):5.30005628600801
                                                      Encrypted:false
                                                      SSDEEP:96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
                                                      MD5:D9F15F1AEAF15673336FAA3507D1A2A7
                                                      SHA1:FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
                                                      SHA-256:AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
                                                      SHA-512:D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (5693)
                                                      Category:downloaded
                                                      Size (bytes):698852
                                                      Entropy (8bit):5.594980353163612
                                                      Encrypted:false
                                                      SSDEEP:6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
                                                      MD5:AA9FDCBE29C6D043DC83A7DAD848CCC3
                                                      SHA1:E3F0A387A0A4B060620C975E1C70AA20294F3F22
                                                      SHA-256:1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
                                                      SHA-512:C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (570)
                                                      Category:downloaded
                                                      Size (bytes):3467
                                                      Entropy (8bit):5.508385764606741
                                                      Encrypted:false
                                                      SSDEEP:96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
                                                      MD5:231ABD6E6C360E709640B399EDF85476
                                                      SHA1:6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
                                                      SHA-256:44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
                                                      SHA-512:D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (533)
                                                      Category:downloaded
                                                      Size (bytes):9210
                                                      Entropy (8bit):5.393248075042016
                                                      Encrypted:false
                                                      SSDEEP:192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
                                                      MD5:2ED5BC88509286438B682EFF23518005
                                                      SHA1:D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
                                                      SHA-256:F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
                                                      SHA-512:12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (468)
                                                      Category:downloaded
                                                      Size (bytes):1858
                                                      Entropy (8bit):5.297658905867848
                                                      Encrypted:false
                                                      SSDEEP:48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
                                                      MD5:B42DB3D22B12B8E3BE1B82961FE2870E
                                                      SHA1:D9CFD11C1C2DE17A7E9301F11AD875B610B96576
                                                      SHA-256:75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
                                                      SHA-512:EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)||function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)||function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)||function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                      Category:downloaded
                                                      Size (bytes):5430
                                                      Entropy (8bit):3.6534652184263736
                                                      Encrypted:false
                                                      SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                      MD5:F3418A443E7D841097C714D69EC4BCB8
                                                      SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                      SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                      SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                      Malicious:false
                                                      URL:https://www.google.com/favicon.ico
                                                      Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (1694)
                                                      Category:downloaded
                                                      Size (bytes):32500
                                                      Entropy (8bit):5.378121087555083
                                                      Encrypted:false
                                                      SSDEEP:768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
                                                      MD5:57D7B0A2CE36496F05AFA27B39C1F219
                                                      SHA1:418AD03C2E75AEAF188E2A00123B70E09D541656
                                                      SHA-256:E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
                                                      SHA-512:78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                                                      Category:downloaded
                                                      Size (bytes):52280
                                                      Entropy (8bit):7.995413196679271
                                                      Encrypted:true
                                                      SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                                                      MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                                                      SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                                                      SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                                                      SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                                                      Malicious:false
                                                      URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                                                      Preview:wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.*',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.|*(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.5*1w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e*......71.?.7.ORv.?...l...G|.P...|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....|..D.d..
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (755)
                                                      Category:downloaded
                                                      Size (bytes):1460
                                                      Entropy (8bit):5.274624539239422
                                                      Encrypted:false
                                                      SSDEEP:24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
                                                      MD5:481C149C4D3EE4A53C3E7CBA067371DF
                                                      SHA1:E0FED275636D3492C922C44F010157FAF0936733
                                                      SHA-256:9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
                                                      SHA-512:EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()*1E3,a.bS(),d.aa()*1E3,b)},h_a=function(a){return Math.random()*Math.min(a.xa*Math.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (2907)
                                                      Category:downloaded
                                                      Size (bytes):23298
                                                      Entropy (8bit):5.429186219736739
                                                      Encrypted:false
                                                      SSDEEP:384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
                                                      MD5:A5C41D7BA22E9CF451810802AE5AC2E8
                                                      SHA1:858F35134A0BD7BAECB1B1A30EC3645642214554
                                                      SHA-256:D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
                                                      SHA-512:DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka||a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (683)
                                                      Category:downloaded
                                                      Size (bytes):3131
                                                      Entropy (8bit):5.352056237104327
                                                      Encrypted:false
                                                      SSDEEP:48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
                                                      MD5:ADEF03127F74F5E6742B8CFA7B863F28
                                                      SHA1:58D7C635582AF10E91EC047FD315FAF758AF51DA
                                                      SHA-256:5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
                                                      SHA-512:3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d||(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (395)
                                                      Category:downloaded
                                                      Size (bytes):1608
                                                      Entropy (8bit):5.271783084011668
                                                      Encrypted:false
                                                      SSDEEP:48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
                                                      MD5:45EA91A811A594F81B7F760DD14BE237
                                                      SHA1:2C97782C6D5D0BCFB3676FF24AA1008251090DAE
                                                      SHA-256:7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
                                                      SHA-512:4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (553)
                                                      Category:downloaded
                                                      Size (bytes):744742
                                                      Entropy (8bit):5.792853825531523
                                                      Encrypted:false
                                                      SSDEEP:6144:x5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:pOeKGSpgu/
                                                      MD5:D6A4595EF381156A4C38FC1268C40783
                                                      SHA1:75B2E4139EE5014416D280B02E1F57724B0A4240
                                                      SHA-256:9E6266EF7F49A5256F373AB78F9D0AE688CA964F542892F5FF0563F05AC6C676
                                                      SHA-512:ACC3385A52ABFA53EE68286C86F2266C2BE7D12350F31AEFD91052616CF417207E5F27A31FEC5FB4B5DDA705C599DD0B724ACA88E9FF682289C3B473902CD79C
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEvjRYpfMDihaNwG0swUsVgVpBIg/m=_b,_tp"
                                                      Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/./*. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text, with very long lines (681)
                                                      Category:downloaded
                                                      Size (bytes):4067
                                                      Entropy (8bit):5.3700036060139436
                                                      Encrypted:false
                                                      SSDEEP:96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
                                                      MD5:FA701F5D7BEF5AF6B676F099A00A1140
                                                      SHA1:4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
                                                      SHA-256:F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
                                                      SHA-512:D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
                                                      Malicious:false
                                                      URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                                                      Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.5838209335694176
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 919'040 bytes
MD5: 5c3cf2541c758d3f50a08a65b6e2abe3
SHA1: b303df0dfeaf5e9d012f8c8857b1a72fd6530c17
SHA256: a1e825d314c9c21a051645e9edc8c3311bbae6b12721bfeb868dcad02ddc0411
SHA512: 36dfc45366af94b0462c5cb4463ce5d6feff6984f333161b22e1235ce369e9dd049d009f44259aa18bb3531e7527f25278df23bc69b564b8fb085ff2d67a9668
SSDEEP: 24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8a4yK:mTvC/MTQYxsWR7a4
TLSH: 83159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash: aaf3e3e3938382a0
Entrypoint: 0x420577
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x66FEE180 [Thu Oct 3 18:25:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 948cc502fe9226992dce9417f952fce3
Instruction (disassembly at entrypoint):
call 00007F5F8C4E7CD3h
jmp 00007F5F8C4E75DFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F5F8C4E77BDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F5F8C4E778Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F5F8C4EA37Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F5F8C4EA3C8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F5F8C4EA3B1h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9bb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9bb8 | 0x9c00 | 6b5b614fe4cf4d889636b2c7148dfd42 | False | 0.31665665064102566 | data | 5.3328567430866265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xe7e | data | | | 1.002964959568733
RT_GROUP_ICON | 0xdd638 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd6b0 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd6c4 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd6d8 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd6ec | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd7c8 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Network connections (Timestamp | Source Port | Dest Port | Source IP | Dest IP):
                                                      Oct 3, 2024 20:46:11.804178953 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:11.825397968 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:11.825417042 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:11.826347113 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:11.866820097 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.038599968 CEST49677443192.168.2.1020.42.65.85
                                                      Oct 3, 2024 20:46:12.139704943 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.187407017 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:12.324780941 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:12.324937105 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:12.325192928 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.325938940 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.325938940 CEST49719443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.325957060 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:12.325965881 CEST44349719184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:12.380990028 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.381026983 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:12.381122112 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.382626057 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:12.382642031 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.040138960 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.040214062 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:13.073050976 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:13.073065042 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.073291063 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.074454069 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:13.119390965 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.320449114 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.320516109 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.320573092 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:13.357431889 CEST49723443192.168.2.10184.28.90.27
                                                      Oct 3, 2024 20:46:13.357458115 CEST44349723184.28.90.27192.168.2.10
                                                      Oct 3, 2024 20:46:13.367449999 CEST49671443192.168.2.10204.79.197.203
                                                      Oct 3, 2024 20:46:15.984847069 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:15.984889030 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:15.984965086 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:15.985260963 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:15.985272884 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.616337061 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.616647959 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.616677999 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.617074966 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.617142916 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.617815971 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.617871046 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.619966984 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.620090008 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.620284081 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.620295048 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.663635015 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.940498114 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.940551996 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.940627098 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.940646887 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.941255093 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.942182064 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.942219973 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.943718910 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.943762064 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.948970079 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.949033022 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.949096918 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.949135065 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.955416918 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.955480099 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.961659908 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.961719990 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.961719990 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:16.961739063 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:16.961992979 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.023425102 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.023497105 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.023523092 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.023566961 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.026093960 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.026176929 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.033309937 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.033363104 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.033453941 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.033463001 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.033499956 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.038902044 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.038948059 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.044781923 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.044830084 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.044931889 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.051201105 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.051285028 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.051295042 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.057792902 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.057871103 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.057879925 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.057950974 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.058017969 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.058568001 CEST49737443192.168.2.10142.250.185.174
                                                      Oct 3, 2024 20:46:17.058582067 CEST44349737142.250.185.174192.168.2.10
                                                      Oct 3, 2024 20:46:17.155529022 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.155572891 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.155790091 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.156342030 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.156358004 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.221355915 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.221404076 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.221616983 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.222001076 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.222012043 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.812254906 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.812541962 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.812561035 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.812922001 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.813007116 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.813625097 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.813740015 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.814790010 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.814857006 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.815048933 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.815059900 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.859353065 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.859561920 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.859596968 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.859993935 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.860048056 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.860696077 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.860867977 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.860877037 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.861339092 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.861433983 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.861716986 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.861731052 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:17.868793964 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:17.901632071 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.114192009 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.114768982 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.114811897 CEST44349740142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.114887953 CEST49740443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.115766048 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.115793943 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.115859032 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.116530895 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.116542101 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.162758112 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.162962914 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.163101912 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.163543940 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.163564920 CEST44349741142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.163578033 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.163610935 CEST49741443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.165190935 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.165226936 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.165281057 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.166491032 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.166506052 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.754846096 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.755224943 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.755233049 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.755600929 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.755748034 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.756294012 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.756453037 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.756581068 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.756627083 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.756792068 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.756798029 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.756975889 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.799392939 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.804864883 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.823931932 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.824167013 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.824176073 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.824511051 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.824565887 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.825198889 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.825244904 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.825360060 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.825402021 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.825470924 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.825478077 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.825491905 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.867846012 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.867876053 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.973680019 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.973805904 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:18.973906994 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.975017071 CEST49745443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:18.975038052 CEST44349745142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:19.032291889 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:19.032335043 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:19.032409906 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:19.033566952 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:19.033580065 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:19.045773029 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:19.046392918 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:19.046446085 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:19.047499895 CEST49747443192.168.2.10142.250.186.142
                                                      Oct 3, 2024 20:46:19.047519922 CEST44349747142.250.186.142192.168.2.10
                                                      Oct 3, 2024 20:46:19.073519945 CEST49717443192.168.2.10216.58.212.132
                                                      Oct 3, 2024 20:46:19.119407892 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.347218037 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.347338915 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.347425938 CEST49717443192.168.2.10216.58.212.132
                                                      Oct 3, 2024 20:46:19.347449064 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.347522974 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.347640038 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.347666979 CEST49717443192.168.2.10216.58.212.132
                                                      Oct 3, 2024 20:46:19.347672939 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.348823071 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.348886013 CEST49717443192.168.2.10216.58.212.132
                                                      Oct 3, 2024 20:46:19.465348005 CEST49717443192.168.2.10216.58.212.132
                                                      Oct 3, 2024 20:46:19.465390921 CEST44349717216.58.212.132192.168.2.10
                                                      Oct 3, 2024 20:46:19.797801018 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:19.797874928 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:19.801048040 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:19.801058054 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:19.801310062 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:19.851761103 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:20.444035053 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:20.487402916 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:20.696322918 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:20.696348906 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:20.696357012 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:20.696369886 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:20.696400881 CEST443497494.245.163.56192.168.2.10
                                                      Oct 3, 2024 20:46:20.696429014 CEST49749443192.168.2.104.245.163.56
                                                      Oct 3, 2024 20:46:20.696444988 CEST443497494.245.163.56192.168.2.10
Oct 3, 2024 20:46:20.696480989 CEST | 49749 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:20.696485043 CEST | 443 | 49749 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:20.696502924 CEST | 49749 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:20.696537018 CEST | 49749 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:20.696949005 CEST | 443 | 49749 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:20.697000980 CEST | 443 | 49749 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:20.697041035 CEST | 49749 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:21.195745945 CEST | 49749 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:21.195745945 CEST | 49749 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:21.195782900 CEST | 443 | 49749 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:21.195797920 CEST | 443 | 49749 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:21.648566961 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85
Oct 3, 2024 20:46:24.902051926 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:24.902108908 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:24.902215004 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:24.902551889 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:24.902575016 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.550329924 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.553375006 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:25.553402901 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.553909063 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.554219007 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:25.554295063 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.554820061 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:25.554821014 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:25.554846048 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.880228996 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.881333113 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:25.881438017 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:25.882424116 CEST | 49758 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:25.882452965 CEST | 443 | 49758 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:47.558696032 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:47.558794022 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:47.558891058 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:47.559118032 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:47.559154034 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:47.590756893 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:47.590823889 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:47.590904951 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:47.591131926 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:47.591152906 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.152621031 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.152673960 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.152756929 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.153059006 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.153073072 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.211806059 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.212152958 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.212182045 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.213031054 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.213401079 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.213520050 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.213562012 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.213582993 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.213635921 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.229371071 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.229674101 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.229712009 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.230921030 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.231277943 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.231415987 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.231425047 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.231441021 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.231460094 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.274122000 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.517112970 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.517611027 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.517739058 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.517829895 CEST | 49759 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.517863989 CEST | 443 | 49759 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.528743029 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.529546022 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.529613972 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.529702902 CEST | 49760 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.529717922 CEST | 443 | 49760 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.799546957 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.799906015 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.799917936 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.800219059 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.800287962 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.800831079 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.800875902 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.801110029 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.801153898 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.801187038 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.801199913 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.801245928 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.852261066 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:48.852277994 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:48.899152994 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:49.116789103 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:49.117328882 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:49.117439985 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:49.117892027 CEST | 49761 | 443 | 192.168.2.10 | 142.250.186.142
Oct 3, 2024 20:46:49.117903948 CEST | 443 | 49761 | 142.250.186.142 | 192.168.2.10
Oct 3, 2024 20:46:58.293124914 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:58.293165922 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:58.293234110 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:58.293589115 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:58.293603897 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.085745096 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.085872889 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.089803934 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.089828968 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.090265989 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.095943928 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.139410019 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.411218882 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.411251068 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.411355019 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.411380053 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.411468983 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.411488056 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.411520004 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.412811995 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.412872076 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.412892103 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.412900925 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.412928104 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.413042068 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.413096905 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.414062977 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.414078951 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:46:59.414088011 CEST | 49762 | 443 | 192.168.2.10 | 4.245.163.56
Oct 3, 2024 20:46:59.414094925 CEST | 443 | 49762 | 4.245.163.56 | 192.168.2.10
Oct 3, 2024 20:47:10.884196997 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:10.884263039 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:10.884407043 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:10.884644985 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:10.884665012 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:12.279664040 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:12.280046940 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:12.280114889 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:12.281248093 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:12.281663895 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:12.281816959 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:12.337045908 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:18.507314920 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:18.507350922 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:18.507419109 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:18.507647038 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:18.507656097 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:18.652257919 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:18.652338028 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:18.652426004 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:18.652698040 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:18.652729988 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.566576004 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.566936016 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.566946983 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.567050934 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.567241907 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.567302942 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.567307949 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.567775965 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.567787886 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.567787886 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.567787886 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.567804098 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.567851067 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.568057060 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.568133116 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.568186998 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.568240881 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.568253994 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.616849899 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.617296934 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.875662088 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.877227068 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.877444029 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.877626896 CEST | 49767 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.877643108 CEST | 443 | 49767 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.878413916 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.878854036 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:19.878914118 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.879112005 CEST | 49768 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:19.879158020 CEST | 443 | 49768 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:22.043123960 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:22.043219090 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:22.043400049 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:34.227334976 CEST | 49764 | 443 | 192.168.2.10 | 216.58.212.132
Oct 3, 2024 20:47:34.227374077 CEST | 443 | 49764 | 216.58.212.132 | 192.168.2.10
Oct 3, 2024 20:47:50.995076895 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:50.995119095 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:50.995187044 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:50.999079943 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:50.999094009 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.001878977 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.001946926 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.002012968 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.002258062 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.002290010 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.637692928 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.638431072 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.638452053 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.638817072 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.639245987 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.639245987 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.639261007 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.639271975 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.639309883 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.666244984 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.666534901 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.666572094 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.667872906 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.668174028 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.668303013 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.668320894 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.668348074 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.668348074 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.668358088 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.668472052 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.681689978 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.712270975 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.949842930 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.950776100 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.950938940 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.951373100 CEST | 49770 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.951390028 CEST | 443 | 49770 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.969696045 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.971128941 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Oct 3, 2024 20:47:51.971255064 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.971447945 CEST | 49771 | 443 | 192.168.2.10 | 142.250.185.110
Oct 3, 2024 20:47:51.971493006 CEST | 443 | 49771 | 142.250.185.110 | 192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 3, 2024 20:46:06.483845949 CEST | 53 | 52027 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:06.619112968 CEST | 61811 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:06.619251013 CEST | 53226 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:06.626322985 CEST | 53 | 61811 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:06.628180981 CEST | 53 | 53226 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:06.636347055 CEST | 53 | 56588 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:07.558260918 CEST | 49432 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:07.558430910 CEST | 54014 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:07.565463066 CEST | 53 | 49432 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:07.565613985 CEST | 53 | 54014 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:07.609477043 CEST | 53 | 59675 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:10.825752020 CEST | 52637 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:10.825937986 CEST | 62316 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:10.832809925 CEST | 53 | 62316 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:10.833049059 CEST | 53 | 52637 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:11.141871929 CEST | 53 | 52604 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:13.169904947 CEST | 53 | 58845 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:15.971231937 CEST | 56220 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:15.973872900 CEST | 64457 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:15.978785992 CEST | 53 | 56220 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:15.984180927 CEST | 53 | 64457 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:17.110843897 CEST | 64060 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:17.111095905 CEST | 59910 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:46:17.117821932 CEST | 53 | 64060 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:17.118300915 CEST | 53 | 59910 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:24.691057920 CEST | 53 | 59655 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:46:43.778680086 CEST | 53 | 63036 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:47:01.779570103 CEST | 138 | 138 | 192.168.2.10 | 192.168.2.255
Oct 3, 2024 20:47:06.151791096 CEST | 53 | 53676 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:47:06.563050985 CEST | 53 | 59976 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:47:14.903445959 CEST | 53 | 54532 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:47:18.495982885 CEST | 59050 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:47:18.495982885 CEST | 52002 | 53 | 192.168.2.10 | 1.1.1.1
Oct 3, 2024 20:47:18.503151894 CEST | 53 | 59050 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:47:18.504151106 CEST | 53 | 52002 | 1.1.1.1 | 192.168.2.10
Oct 3, 2024 20:47:34.235404968 CEST | 53 | 61432 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 20:46:06.619112968 CEST | 192.168.2.10 | 1.1.1.1 | 0xd5bc | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:06.619251013 CEST | 192.168.2.10 | 1.1.1.1 | 0x338c | Standard query (0) | youtube.com | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:07.558260918 CEST | 192.168.2.10 | 1.1.1.1 | 0xca8a | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.558430910 CEST | 192.168.2.10 | 1.1.1.1 | 0x2e21 | Standard query (0) | www.youtube.com | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:10.825752020 CEST | 192.168.2.10 | 1.1.1.1 | 0x8b9d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:10.825937986 CEST | 192.168.2.10 | 1.1.1.1 | 0x9d9b | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:15.971231937 CEST | 192.168.2.10 | 1.1.1.1 | 0xba50 | Standard query (0) | accounts.youtube.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:15.973872900 CEST | 192.168.2.10 | 1.1.1.1 | 0xe1c5 | Standard query (0) | accounts.youtube.com | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:17.110843897 CEST | 192.168.2.10 | 1.1.1.1 | 0xff27 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:17.111095905 CEST | 192.168.2.10 | 1.1.1.1 | 0x1f2d | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Oct 3, 2024 20:47:18.495982885 CEST | 192.168.2.10 | 1.1.1.1 | 0xc3c0 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:47:18.495982885 CEST | 192.168.2.10 | 1.1.1.1 | 0x4c7 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 20:46:06.626322985 CEST | 1.1.1.1 | 192.168.2.10 | 0xd5bc | No error (0) | youtube.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:06.628180981 CEST | 1.1.1.1 | 192.168.2.10 | 0x338c | No error (0) | youtube.com | | | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 172.217.16.142 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565463066 CEST | 1.1.1.1 | 192.168.2.10 | 0xca8a | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565613985 CEST | 1.1.1.1 | 192.168.2.10 | 0x2e21 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 20:46:07.565613985 CEST | 1.1.1.1 | 192.168.2.10 | 0x2e21 | No error (0) | youtube-ui.l.google.com | | | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:10.832809925 CEST | 1.1.1.1 | 192.168.2.10 | 0x9d9b | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Oct 3, 2024 20:46:10.833049059 CEST | 1.1.1.1 | 192.168.2.10 | 0x8b9d | No error (0) | www.google.com | | 216.58.212.132 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:15.978785992 CEST | 1.1.1.1 | 192.168.2.10 | 0xba50 | No error (0) | accounts.youtube.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 20:46:15.978785992 CEST | 1.1.1.1 | 192.168.2.10 | 0xba50 | No error (0) | www3.l.google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:15.984180927 CEST | 1.1.1.1 | 192.168.2.10 | 0xe1c5 | No error (0) | accounts.youtube.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 20:46:17.117821932 CEST | 1.1.1.1 | 192.168.2.10 | 0xff27 | No error (0) | play.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:47:18.503151894 CEST | 1.1.1.1 | 192.168.2.10 | 0xc3c0 | No error (0) | play.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
                                                      • youtube.com
                                                      • www.youtube.com
                                                      • fs.microsoft.com
                                                      • https:
                                                        • accounts.youtube.com
                                                        • play.google.com
                                                        • www.google.com
                                                      • slscr.update.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49707 | 172.217.16.206 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:07 UTC | 851 | OUT | GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1
                                                      Host: youtube.com
                                                      Connection: keep-alive
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Upgrade-Insecure-Requests: 1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: none
                                                      Sec-Fetch-Mode: navigate
                                                      Sec-Fetch-User: ?1
                                                      Sec-Fetch-Dest: document
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
2024-10-03 18:46:07 UTC | 1726 | IN | HTTP/1.1 301 Moved Permanently
                                                      Content-Type: application/binary
                                                      X-Content-Type-Options: nosniff
                                                      Expires: Thu, 03 Oct 2024 18:46:07 GMT
                                                      Date: Thu, 03 Oct 2024 18:46:07 GMT
                                                      Cache-Control: private, max-age=31536000
                                                      Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                                                      X-Frame-Options: SAMEORIGIN
                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                      Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49712 | 142.250.181.238 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:08 UTC | 869 | OUT | GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
                                                      Host: www.youtube.com
                                                      Connection: keep-alive
                                                      Upgrade-Insecure-Requests: 1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: none
                                                      Sec-Fetch-Mode: navigate
                                                      Sec-Fetch-User: ?1
                                                      Sec-Fetch-Dest: document
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
2024-10-03 18:46:08 UTC | 2634 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      X-Content-Type-Options: nosniff
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Thu, 03 Oct 2024 18:46:08 GMT
                                                      Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en
                                                      Strict-Transport-Security: max-age=31536000
                                                      X-Frame-Options: SAMEORIGIN
                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                      Content-Security-Policy: require-trusted-types-for 'script'
                                                      Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Thu, 03-Oct-2024 19:16:08 GMT; Path=/; Secure; HttpOnly
                                                      Set-Cookie: YSC=joJgKPuwPFI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                      Set-Cookie: VISITOR_INFO1_LIVE=-7K3H-s6Reg; Domain=.youtube.com; Expires=Tue, 01-Apr-2025 18:46:08 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                      Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOA%3D%3D; Domain=.youtube.com; Expires=Tue, 01-Apr-2025 18:46:08 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49719 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:12 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      Accept-Encoding: identity
                                                      User-Agent: Microsoft BITS/7.8
                                                      Host: fs.microsoft.com
2024-10-03 18:46:12 UTC | 467 | IN | HTTP/1.1 200 OK
                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                      Content-Type: application/octet-stream
                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                      Server: ECAcc (lpl/EF70)
                                                      X-CID: 11
                                                      X-Ms-ApiVersion: Distribute 1.2
                                                      X-Ms-Region: prod-neu-z1
                                                      Cache-Control: public, max-age=251941
                                                      Date: Thu, 03 Oct 2024 18:46:12 GMT
                                                      Connection: close
                                                      X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49723 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:13 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      Accept-Encoding: identity
                                                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                      Range: bytes=0-2147483646
                                                      User-Agent: Microsoft BITS/7.8
                                                      Host: fs.microsoft.com
2024-10-03 18:46:13 UTC | 515 | IN | HTTP/1.1 200 OK
                                                      ApiVersion: Distribute 1.1
                                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                      Content-Type: application/octet-stream
                                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                      Server: ECAcc (lpl/EF06)
                                                      X-CID: 11
                                                      X-Ms-ApiVersion: Distribute 1.2
                                                      X-Ms-Region: prod-weu-z1
                                                      Cache-Control: public, max-age=252015
                                                      Date: Thu, 03 Oct 2024 18:46:13 GMT
                                                      Content-Length: 55
                                                      Connection: close
                                                      X-CID: 2
2024-10-03 18:46:13 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49737 | 142.250.185.174 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:16 UTC | 1236 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1410101907&timestamp=1727981175312 HTTP/1.1
                                                      Host: accounts.youtube.com
                                                      Connection: keep-alive
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-arch: "x86"
                                                      sec-ch-ua-platform: "Windows"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      Upgrade-Insecure-Requests: 1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: cross-site
                                                      Sec-Fetch-Mode: navigate
                                                      Sec-Fetch-User: ?1
                                                      Sec-Fetch-Dest: iframe
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
2024-10-03 18:46:16 UTC | 1969 | IN | HTTP/1.1 200 OK
                                                      Content-Type: text/html; charset=utf-8
                                                      X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                      Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-XUiHQ9Mi3Ov-DidlELgGng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Thu, 03 Oct 2024 18:46:16 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw1ZBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh-PHmd_b2QQ6pp7tZFbSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0stQzsIgvMAAA6eYtpw"
                                                      Server: ESF
                                                      X-XSS-Protection: 0
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
                                                      2024-10-03 18:46:16 UTC1969INData Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29
                                                      Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"||l=="function"?b.has(k)
                                                      2024-10-03 18:46:16 UTC1969INData Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45
                                                      Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb||{},q=this||self,gb=q._F_toggles||[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
                                                      2024-10-03 18:46:17 UTC1969INData Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68
                                                      Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c||q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
                                                      2024-10-03 18:46:17 UTC1969INData Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e
                                                      Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.10 | 49740 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:17 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Accept: */*
                                                      Access-Control-Request-Method: POST
                                                      Access-Control-Request-Headers: x-goog-authuser
                                                      Origin: https://accounts.google.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      2024-10-03 18:46:18 UTC | 520 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Access-Control-Max-Age: 86400
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:18 GMT
                                                      Server: Playlog
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.10 | 49741 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:17 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Accept: */*
                                                      Access-Control-Request-Method: POST
                                                      Access-Control-Request-Headers: x-goog-authuser
                                                      Origin: https://accounts.google.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      2024-10-03 18:46:18 UTC | 520 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Access-Control-Max-Age: 86400
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:18 GMT
                                                      Server: Playlog
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.10 | 49745 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:18 UTC | 1124 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 519
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      2024-10-03 18:46:18 UTC | 519 | OUT | Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 38 31 31 37 36 34 35 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981176458",null,null,null
                                                      2024-10-03 18:46:18 UTC | 933 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Set-Cookie: NID=518=A8mBJyMrOo-IQieyKPIHchus0IRPDUs4oIyucpIS6rzgczGd51vU52ECGg20mNyqMIEShFcYJ-eqfxtXpoeeeyFYk4BtjKKDgSz6V8jqUooAAzApd00QyrjzLNee-rCCOVhxJd7lICvKccdehUucwcVNs1bMJPahsl7TEA_WF9K6WR_kM_U; expires=Fri, 04-Apr-2025 18:46:18 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:18 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Expires: Thu, 03 Oct 2024 18:46:18 GMT
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:46:18 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:46:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.10 | 49747 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:18 UTC | 1124 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 519
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      2024-10-03 18:46:18 UTC | 519 | OUT | Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 38 31 31 37 36 35 36 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981176568",null,null,null
                                                      2024-10-03 18:46:19 UTC | 932 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Set-Cookie: NID=518=j-qwZ8WBmj0LjVYhyNu2BccejTJhr9A4MvK_W-CNEXu1DTrPBIe6mp2tG2Ldn7f74IeFtJbVo-RHMnCjCeg5Izw1K1ZkU425gp4O4y85HIk5CtIswVhlIkji7LfhTPUt2uRRUNNelQSm_qR98I1g07dIXGYmzHihDxvOUQvzPszHfne6_g; expires=Fri, 04-Apr-2025 18:46:18 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:18 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Expires: Thu, 03 Oct 2024 18:46:18 GMT
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:46:19 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:46:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.10 | 49717 | 216.58.212.132 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:19 UTC | 1213 | OUT | GET /favicon.ico HTTP/1.1
                                                      Host: www.google.com
                                                      Connection: keep-alive
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: no-cors
                                                      Sec-Fetch-Dest: image
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=j-qwZ8WBmj0LjVYhyNu2BccejTJhr9A4MvK_W-CNEXu1DTrPBIe6mp2tG2Ldn7f74IeFtJbVo-RHMnCjCeg5Izw1K1ZkU425gp4O4y85HIk5CtIswVhlIkji7LfhTPUt2uRRUNNelQSm_qR98I1g07dIXGYmzHihDxvOUQvzPszHfne6_g
                                                      2024-10-03 18:46:19 UTC | 706 | IN | HTTP/1.1 200 OK
                                                      Accept-Ranges: bytes
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                      Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                      Content-Length: 5430
                                                      X-Content-Type-Options: nosniff
                                                      Server: sffe
                                                      X-XSS-Protection: 0
                                                      Date: Thu, 03 Oct 2024 15:43:02 GMT
                                                      Expires: Fri, 11 Oct 2024 15:43:02 GMT
                                                      Cache-Control: public, max-age=691200
                                                      Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                      Content-Type: image/x-icon
                                                      Vary: Accept-Encoding
                                                      Age: 10997
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.10 | 49749 | 4.245.163.56 | 443 | | 
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:20 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pCDAy6F2aV+PyEZ&MD=xDX9xu4B HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                      Host: slscr.update.microsoft.com
                                                      2024-10-03 18:46:20 UTC | 560 | IN | HTTP/1.1 200 OK
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Content-Type: application/octet-stream
                                                      Expires: -1
                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                      MS-CorrelationId: 7795b30b-b5d9-4bfd-80b9-694658ee35df
                                                      MS-RequestId: 8c717edb-e460-4ada-939c-1a189272bb93
                                                      MS-CV: KP1Pjyj9hECSFHBj.0
                                                      X-Microsoft-SLSClientCache: 2880
                                                      Content-Disposition: attachment; filename=environment.cab
                                                      X-Content-Type-Options: nosniff
                                                      Date: Thu, 03 Oct 2024 18:46:20 GMT
                                                      Connection: close
                                                      Content-Length: 24490


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      11 | 192.168.2.10 | 49758 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:25 UTC | 1298 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1218
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: text/plain;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=j-qwZ8WBmj0LjVYhyNu2BccejTJhr9A4MvK_W-CNEXu1DTrPBIe6mp2tG2Ldn7f74IeFtJbVo-RHMnCjCeg5Izw1K1ZkU425gp4O4y85HIk5CtIswVhlIkji7LfhTPUt2uRRUNNelQSm_qR98I1g07dIXGYmzHihDxvOUQvzPszHfne6_g
                                                      2024-10-03 18:46:25 UTC | 1218 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[4,0,0,0,0]]],558,[["1727981174000",null,null,null,
                                                      2024-10-03 18:46:25 UTC | 940 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Set-Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA; expires=Fri, 04-Apr-2025 18:46:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:25 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Expires: Thu, 03 Oct 2024 18:46:25 GMT
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:46:25 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:46:25 UTC | 5 | IN | Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      12 | 192.168.2.10 | 49759 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:48 UTC | 1329 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1395
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:46:48 UTC | 1395 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981206906",null,null,null
                                                      2024-10-03 18:46:48 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:48 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:46:48 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:46:48 UTC | 5 | IN | Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      13 | 192.168.2.10 | 49760 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:48 UTC | 1329 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1446
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:46:48 UTC | 1446 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981206939",null,null,null
                                                      2024-10-03 18:46:48 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:48 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:46:48 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:46:48 UTC | 5 | IN | Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      14 | 192.168.2.10 | 49761 | 142.250.186.142 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:48 UTC | 1288 | OUT | POST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 892
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      Content-Type: text/plain;charset=UTF-8
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: no-cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:46:48 UTC892OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 33 2c 30 2c 30
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[3,0,0
                                                      2024-10-03 18:46:49 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:46:49 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:46:49 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:46:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      15 | 192.168.2.10 | 49762 | 4.245.163.56 | 443 | - | -
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:46:59 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pCDAy6F2aV+PyEZ&MD=xDX9xu4B HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                      Host: slscr.update.microsoft.com
                                                      2024-10-03 18:46:59 UTC | 560 | IN | HTTP/1.1 200 OK
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Content-Type: application/octet-stream
                                                      Expires: -1
                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                      MS-CorrelationId: d0378d3e-db6b-4601-b9d5-51a9f64218bc
                                                      MS-RequestId: adcf5ffb-13a7-4482-aa79-1d00e6f9720a
                                                      MS-CV: ycoqscs7uUmoOxy7.0
                                                      X-Microsoft-SLSClientCache: 1440
                                                      Content-Disposition: attachment; filename=environment.cab
                                                      X-Content-Type-Options: nosniff
                                                      Date: Thu, 03 Oct 2024 18:46:59 GMT
                                                      Connection: close
                                                      Content-Length: 30005
                                                      2024-10-03 18:46:59 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                      Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                      2024-10-03 18:46:59 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                      Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      16 | 192.168.2.10 | 49767 | 142.250.185.110 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:47:19 UTC | 1329 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1240
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:47:19 UTC1240OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 38 31 32 33 37 38 35 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981237851",null,null,null
                                                      2024-10-03 18:47:19 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:47:19 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:47:19 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:47:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.10 | 49768 | 142.250.185.110 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:47:19 UTC | 1329 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1435
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:47:19 UTC1435OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 38 31 32 33 38 30 30 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981238007",null,null,null
                                                      2024-10-03 18:47:19 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:47:19 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:47:19 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:47:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.10 | 49770 | 142.250.185.110 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:47:51 UTC | 1329 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1161
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:47:51 UTC1161OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 38 31 32 37 30 33 35 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981270350",null,null,null
                                                      2024-10-03 18:47:51 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:47:51 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:47:51 UTC | 137 | IN | Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:47:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.10 | 49771 | 142.250.185.110 | 443 | 7808 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-03 18:47:51 UTC | 1329 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                      Host: play.google.com
                                                      Connection: keep-alive
                                                      Content-Length: 1443
                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                      sec-ch-ua-mobile: ?0
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                      sec-ch-ua-arch: "x86"
                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                      sec-ch-ua-full-version: "117.0.5938.149"
                                                      sec-ch-ua-platform-version: "10.0.0"
                                                      X-Goog-AuthUser: 0
                                                      sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"
                                                      sec-ch-ua-bitness: "64"
                                                      sec-ch-ua-model: ""
                                                      sec-ch-ua-wow64: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept: */*
                                                      Origin: https://accounts.google.com
                                                      X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIkqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCL/QzQEIxtHNAQi61M0BCMrWzQEIp9jNAQj5wNQVGPKYzQEYudLNARjrjaUX
                                                      Sec-Fetch-Site: same-site
                                                      Sec-Fetch-Mode: cors
                                                      Sec-Fetch-Dest: empty
                                                      Referer: https://accounts.google.com/
                                                      Accept-Encoding: gzip, deflate, br
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: NID=518=xpOvWzXapvKbmNLXihA-7oET6prDxakK--eN8PKEsD8XStESuOq03YmdAMBS69ss9IYPF-gzuYptqviLNLoiVM9qq5x6WEVW8Xi5nLZYt6zDwYp_FIEzOdMh3HpMrKbs3f_weN02_s5X68-wb1xHxkiGnj-cVZAXOjqvOGR45INw_VfVlH7asfcZlA
                                                      2024-10-03 18:47:51 UTC1443OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 34 39 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 38 31 32 37 30 33 35 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.149"],[1,0,0,0,0]]],1828,[["1727981270357",null,null,null
                                                      2024-10-03 18:47:51 UTC | 523 | IN | HTTP/1.1 200 OK
                                                      Access-Control-Allow-Origin: https://accounts.google.com
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Access-Control-Allow-Credentials: true
                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Date: Thu, 03 Oct 2024 18:47:51 GMT
                                                      Server: Playlog
                                                      Cache-Control: private
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2024-10-03 18:47:51 UTC  137 bytes  IN
                                                      Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                      2024-10-03 18:47:51 UTC  5 bytes  IN
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0
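
The 137-byte and 5-byte IN records above are a single chunked HTTP/1.1 body split over two packets: a chunk-size line (83 hex = 131 bytes), the JSON payload, CRLF, then the zero-size last chunk. The Access-Control-Allow-Origin of https://accounts.google.com and the Server: Playlog header identify this as Chrome's own telemetry from the sign-in page the sample opened in chrome.exe (Target ID 18 in the process list), so it should be attributed to the browser rather than read as the sample's command-and-control traffic. The Python below is an added example written for this page, not part of the Joe Sandbox report: it turns the report's Data Raw hex dumps back into bytes, strips the chunked framing, parses the JSON, and reports a truncated stream (a capture that ends before the zero-size chunk) instead of silently returning a partial body.

```python
import json
from typing import Tuple

# The two "Data Raw" lines of the Playlog reply, copied verbatim from the report
# (137 bytes of first chunk + framing, then the 5-byte zero-size last chunk).
PLAYLOG_CHUNK_HEX = (
    "38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 "
    "5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 "
    "53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 "
    "54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 "
    "31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 "
    "30 30 5d 7d 5d 0d 0a"
)
PLAYLOG_LAST_CHUNK_HEX = "30 0d 0a 0d 0a"


def hexdump_to_bytes(dump: str) -> bytes:
    """Convert a space-separated 'Data Raw' hex dump from the report into bytes."""
    return bytes.fromhex(dump.replace(" ", ""))


def decode_chunked(stream: bytes) -> Tuple[bytes, bool]:
    """Strip HTTP/1.1 chunked transfer framing (RFC 9112 section 7.1).

    Returns (body, complete). complete is False when the stream ends before the
    zero-size last chunk, which is what a truncated sandbox capture looks like;
    the bytes decoded so far are still returned so they can be inspected.
    """
    body = bytearray()
    pos = 0
    while True:
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            return bytes(body), False            # no size line: stream cut off
        size_field = stream[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            return bytes(body), True             # last chunk; trailers are ignored here
        chunk = stream[pos:pos + size]
        body += chunk
        if len(chunk) < size:
            return bytes(body), False            # chunk data cut off mid-way
        pos += size
        if stream[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF at offset %d" % pos)
        pos += 2


def decode_playlog_reply() -> list:
    """Reassemble both captured packets, strip the framing and parse the JSON body."""
    stream = hexdump_to_bytes(PLAYLOG_CHUNK_HEX) + hexdump_to_bytes(PLAYLOG_LAST_CHUNK_HEX)
    body, complete = decode_chunked(stream)
    if not complete:
        raise ValueError("chunked stream truncated before the last chunk")
    return json.loads(body.decode("utf-8"))


if __name__ == "__main__":
    reply = decode_playlog_reply()
    print("feature flags:", [name for name, _ in reply[2][0]])
    partial, done = decode_chunked(hexdump_to_bytes(PLAYLOG_CHUNK_HEX))
    print("first packet alone:", len(partial), "bytes, complete =", done)
```

Feeding only the first 137-byte record returns the full 131-byte body with complete set to False, which is how a capture that stopped before the zero-size chunk shows up; feeding both records yields a complete body whose parsed flag names match the Data Ascii line above.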



                                                      Target ID:1
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Users\user\Desktop\file.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                      Imagebase:0xb50000
                                                      File size:919'040 bytes
                                                      MD5 hash:5C3CF2541C758D3F50A08A65B6E2ABE3
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:taskkill /F /IM chrome.exe /T
                                                      Imagebase:0x7c0000
                                                      File size:74'240 bytes
                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff620390000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:6
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:taskkill /F /IM msedge.exe /T
                                                      Imagebase:0x7c0000
                                                      File size:74'240 bytes
                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:true

                                                      Target ID:8
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff620390000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:12
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:taskkill /F /IM firefox.exe /T
                                                      Imagebase:0x7c0000
                                                      File size:74'240 bytes
                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:true

                                                      Target ID:13
                                                      Start time:14:46:02
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff620390000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:14
                                                      Start time:14:46:03
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:taskkill /F /IM opera.exe /T
                                                      Imagebase:0x7c0000
                                                      File size:74'240 bytes
                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:true

                                                      Target ID:15
                                                      Start time:14:46:03
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff620390000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:16
                                                      Start time:14:46:03
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:taskkill /F /IM brave.exe /T
                                                      Imagebase:0x7c0000
                                                      File size:74'240 bytes
                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:true

                                                      Target ID:17
                                                      Start time:14:46:03
                                                      Start date:03/10/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff620390000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:18
                                                      Start time:14:46:04
                                                      Start date:03/10/2024
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
                                                      Imagebase:0x7ff6c5c30000
                                                      File size:3'242'272 bytes
                                                      MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:20
                                                      Start time:14:46:05
                                                      Start date:03/10/2024
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8
                                                      Imagebase:0x7ff6c5c30000
                                                      File size:3'242'272 bytes
                                                      MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:false

                                                      Target ID:22
                                                      Start time:14:46:16
                                                      Start date:03/10/2024
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4572 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8
                                                      Imagebase:0x7ff6c5c30000
                                                      File size:3'242'272 bytes
                                                      MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:false

                                                      Target ID:23
                                                      Start time:14:46:16
                                                      Start date:03/10/2024
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1996,i,17554798086462426449,3277039695705647036,262144 /prefetch:8
                                                      Imagebase:0x7ff6c5c30000
                                                      File size:3'242'272 bytes
                                                      MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true
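
The process list is the part of this report an analyst should pivot on: file.exe runs taskkill /F /T against chrome.exe, msedge.exe, firefox.exe, opera.exe and brave.exe within two seconds, then starts chrome.exe with --start-fullscreen on a youtube.com URL whose query string embeds an accounts.google.com password challenge, with --no-first-run, --disable-session-crashed-bubble and --disable-infobars so that nothing but the sign-in page is visible. The Python below is an added detection example written for this page, not Joe Sandbox code and not the sample's: it replays constructed process-creation events transcribed from the list above and alerts when one parent force-kills two or more browsers and then launches a browser with a screen-locking flag and a URL. Parent attribution is assumed (this view prints Target IDs, not parent processes), the event schema is invented for the example, and --kiosk is included as a generalisation although only --start-fullscreen appears in the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Browser image names the sample force-killed (taken from the taskkill command lines above).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "opera.exe", "brave.exe"}
# Flags that pin the browser window over the desktop. --start-fullscreen is what the report
# shows; --kiosk is added as a generalisation (assumption: not observed in this report).
LOCK_FLAGS = {"--start-fullscreen", "--kiosk"}
# Flags seen in the report that suppress the usual restore bubble and infobars.
HIDE_FLAGS = {"--disable-session-crashed-bubble", "--disable-infobars", "--no-first-run"}


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (assumed EDR-style schema, not the report's format)."""
    ts: str        # HH:MM:SS start time from the report
    parent: str    # image of the creating process (assumed; the report does not print it)
    image: str     # basename of the created process
    cmdline: str


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line into arguments, honouring double-quoted spans."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def killed_browser(ev: ProcEvent) -> Optional[str]:
    """Return the browser image a forced taskkill (/F /IM <browser>) targets, else None."""
    if ev.image.lower() != "taskkill.exe":
        return None
    toks = [t.lower() for t in tokenize(ev.cmdline)]
    if "/f" not in toks:
        return None
    for i, t in enumerate(toks):
        if t == "/im" and i + 1 < len(toks) and toks[i + 1] in BROWSERS:
            return toks[i + 1]
    return None


def locked_browser_launch(ev: ProcEvent) -> Optional[Dict[str, object]]:
    """Return url/flags if a browser is launched full-screen or kiosk onto a URL, else None."""
    if ev.image.lower() not in BROWSERS:
        return None
    toks = tokenize(ev.cmdline)[1:]                      # drop the image path itself
    flags = {t.lower() for t in toks if t.startswith("--")}
    if flags.isdisjoint(LOCK_FLAGS):
        return None
    urls = [t for t in toks if re.match(r"https?://", t, re.I)]
    if not urls:
        return None                                      # renderer/utility children have no URL
    return {"url": urls[0], "flags": sorted(flags & (LOCK_FLAGS | HIDE_FLAGS))}


def detect_browser_lock(events: List[ProcEvent], min_kills: int = 2) -> List[Dict[str, object]]:
    """Alert when one parent force-kills >= min_kills browsers, then launches one locked on a URL."""
    alerts: List[Dict[str, object]] = []
    kills: Dict[str, Set[str]] = {}
    for ev in sorted(events, key=lambda e: e.ts):        # stable sort keeps same-second order
        victim = killed_browser(ev)
        if victim:
            kills.setdefault(ev.parent, set()).add(victim)
            continue
        launch = locked_browser_launch(ev)
        if launch and len(kills.get(ev.parent, ())) >= min_kills:
            alerts.append({"parent": ev.parent, "killed": sorted(kills[ev.parent]), **launch})
    return alerts


# Constructed events transcribed from the process list above (parent column assumed).
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
SAMPLE_EVENTS = [
    ProcEvent("14:46:02", "file.exe", "taskkill.exe", "taskkill /F /IM chrome.exe /T"),
    ProcEvent("14:46:02", "file.exe", "taskkill.exe", "taskkill /F /IM msedge.exe /T"),
    ProcEvent("14:46:02", "file.exe", "taskkill.exe", "taskkill /F /IM firefox.exe /T"),
    ProcEvent("14:46:03", "file.exe", "taskkill.exe", "taskkill /F /IM opera.exe /T"),
    ProcEvent("14:46:03", "file.exe", "taskkill.exe", "taskkill /F /IM brave.exe /T"),
    ProcEvent("14:46:04", "file.exe", "chrome.exe",
              CHROME + ' "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"'
              " --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars"),
    ProcEvent("14:46:05", "chrome.exe", "chrome.exe",
              CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService"
              " --lang=en-US --service-sandbox-type=none"),
]

if __name__ == "__main__":
    for alert in detect_browser_lock(SAMPLE_EVENTS):
        print(alert)
```

The rule keys on the parent rather than on any single command line: a lone taskkill of chrome.exe is routine, and a full-screen Chrome launch is how kiosk deployments work, but one process doing both in sequence with a sign-in URL is the pattern this report documents. Chrome's own utility children (Target IDs 20, 22, 23) carry no URL and are ignored.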


                                                        Execution Graph

                                                        Execution Coverage:2.1%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:5%
                                                        Total number of Nodes:1620
                                                        Total number of Limit Nodes:53
                                                        execution_graph: node and edge dump of the rendered graph omitted (the dump is truncated in the source). First node b52e37; node addresses b5xxxx to bcxxxx fall inside the 0xb50000 image base of file.exe (Target ID 1).
                                                        Windows API calls named on the graph nodes: LoadLibraryA, LoadLibraryExW, GetProcAddress, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource, LockResource, RtlAllocateHeap, RtlFreeHeap, RaiseException, EnterCriticalSection, LeaveCriticalSection, CloseHandle, GetLastError, PostQuitMessage, DefWindowProcW
                                                        CRT and library helpers named on the graph nodes: __fread_nolock, __wsopen_s, _wcslen, ___std_exception_copy, ___scrt_is_nonwritable_in_current_image, _abort, __cftof, __dosmaperr, _free, pre_c_initialization, ISource
calls 95957->96010 95961 b5321d SetTimer RegisterWindowMessageW 95958->95961 95962 b531f8 95958->95962 95959->95966 95964 b531a4 95960->95964 95965 b92e7c 95960->95965 95961->95966 95970 b53246 CreatePopupMenu I_RpcFreeBuffer 95961->95970 95967 b53201 KillTimer 95962->95967 95968 b92d9c 95962->95968 95971 b92e68 95964->95971 95972 b531ae 95964->95972 96023 bbbf30 34 API calls ___scrt_fastfail 95965->96023 95996 b530f2 95967->95996 95981 b92da1 95968->95981 95982 b92dd7 MoveWindow 95968->95982 95969 b92e1c 96011 b6e499 42 API calls 95969->96011 95977 b53253 95970->95977 96000 bbc161 95971->96000 95978 b92e4d 95972->95978 95979 b531b9 95972->95979 96008 b5326f 44 API calls ___scrt_fastfail 95977->96008 95978->95956 96022 bb0ad7 22 API calls 95978->96022 95979->95977 95986 b531c4 95979->95986 95980 b92e8e 95980->95956 95980->95966 95983 b92da7 95981->95983 95984 b92dc6 SetFocus 95981->95984 95982->95966 95983->95986 95988 b92db0 95983->95988 95984->95966 95986->95956 95993 b530f2 Shell_NotifyIconW 95986->95993 96009 b518e2 10 API calls 95988->96009 95991 b53263 95991->95966 95994 b92e41 95993->95994 96012 b53837 95994->96012 95997 b53154 95996->95997 95998 b53104 ___scrt_fastfail 95996->95998 96007 b53c50 DeleteObject DestroyWindow 95997->96007 95999 b53123 Shell_NotifyIconW 95998->95999 95999->95997 96001 bbc276 96000->96001 96002 bbc179 ___scrt_fastfail 96000->96002 96001->95966 96024 b53923 96002->96024 96004 bbc25f KillTimer SetTimer 96004->96001 96005 bbc1a0 96005->96004 96006 bbc251 Shell_NotifyIconW 96005->96006 96006->96004 96007->95966 96008->95991 96009->95966 96010->95969 96011->95986 96013 b53862 ___scrt_fastfail 96012->96013 96097 b54212 96013->96097 96016 b538e8 96018 b53906 Shell_NotifyIconW 96016->96018 96019 b93386 Shell_NotifyIconW 96016->96019 96020 b53923 24 API calls 96018->96020 96021 b5391c 96020->96021 96021->95955 96022->95955 96023->95980 96025 b53a13 96024->96025 96026 b5393f 96024->96026 96025->96005 96046 b56270 96026->96046 96029 b93393 
LoadStringW 96032 b933ad 96029->96032 96030 b5395a 96031 b56b57 22 API calls 96030->96031 96033 b5396f 96031->96033 96040 b53994 ___scrt_fastfail 96032->96040 96060 b5a8c7 22 API calls __fread_nolock 96032->96060 96034 b933c9 96033->96034 96035 b5397c 96033->96035 96038 b56350 22 API calls 96034->96038 96035->96032 96037 b53986 96035->96037 96051 b56350 96037->96051 96041 b933d7 96038->96041 96043 b539f9 Shell_NotifyIconW 96040->96043 96041->96040 96061 b533c6 96041->96061 96043->96025 96044 b933f9 96045 b533c6 22 API calls 96044->96045 96045->96040 96047 b6fe0b 22 API calls 96046->96047 96048 b56295 96047->96048 96049 b6fddb 22 API calls 96048->96049 96050 b5394d 96049->96050 96050->96029 96050->96030 96052 b56362 96051->96052 96053 b94a51 96051->96053 96070 b56373 96052->96070 96080 b54a88 22 API calls __fread_nolock 96053->96080 96056 b5636e 96056->96040 96057 b94a5b 96058 b94a67 96057->96058 96081 b5a8c7 22 API calls __fread_nolock 96057->96081 96060->96040 96062 b930bb 96061->96062 96063 b533dd 96061->96063 96065 b6fddb 22 API calls 96062->96065 96087 b533ee 96063->96087 96067 b930c5 _wcslen 96065->96067 96066 b533e8 96066->96044 96068 b6fe0b 22 API calls 96067->96068 96069 b930fe __fread_nolock 96068->96069 96071 b563b6 __fread_nolock 96070->96071 96072 b56382 96070->96072 96071->96056 96072->96071 96073 b563a9 96072->96073 96074 b94a82 96072->96074 96082 b5a587 96073->96082 96075 b6fddb 22 API calls 96074->96075 96077 b94a91 96075->96077 96078 b6fe0b 22 API calls 96077->96078 96079 b94ac5 __fread_nolock 96078->96079 96080->96057 96081->96058 96083 b5a59d 96082->96083 96086 b5a598 __fread_nolock 96082->96086 96084 b6fe0b 22 API calls 96083->96084 96085 b9f80f 96083->96085 96084->96086 96086->96071 96088 b533fe _wcslen 96087->96088 96089 b9311d 96088->96089 96090 b53411 96088->96090 96092 b6fddb 22 API calls 96089->96092 96091 b5a587 22 API calls 96090->96091 96093 b5341e __fread_nolock 96091->96093 96094 b93127 96092->96094 96093->96066 96095 b6fe0b 22 API 
calls 96094->96095 96096 b93157 __fread_nolock 96095->96096 96098 b538b7 96097->96098 96099 b935a4 96097->96099 96098->96016 96101 bbc874 42 API calls _strftime 96098->96101 96099->96098 96100 b935ad DestroyIcon 96099->96100 96100->96098 96101->96016 96102 b51033 96107 b54c91 96102->96107 96106 b51042 96108 b5a961 22 API calls 96107->96108 96109 b54cff 96108->96109 96115 b53af0 96109->96115 96111 b54d9c 96113 b51038 96111->96113 96118 b551f7 22 API calls __fread_nolock 96111->96118 96114 b700a3 29 API calls __onexit 96113->96114 96114->96106 96119 b53b1c 96115->96119 96118->96111 96120 b53b0f 96119->96120 96121 b53b29 96119->96121 96120->96111 96121->96120 96122 b53b30 RegOpenKeyExW 96121->96122 96122->96120 96123 b53b4a RegQueryValueExW 96122->96123 96124 b53b80 RegCloseKey 96123->96124 96125 b53b6b 96123->96125 96124->96120 96125->96124 96126 b5dddc 96129 b5b710 96126->96129 96128 b5ddea 96130 b5b72b 96129->96130 96131 ba00f8 96130->96131 96132 ba0146 96130->96132 96140 b5b750 96130->96140 96135 ba0102 96131->96135 96138 ba010f 96131->96138 96131->96140 96196 bd58a2 349 API calls 2 library calls 96132->96196 96194 bd5d33 349 API calls 96135->96194 96157 b5ba20 96138->96157 96195 bd61d0 349 API calls 2 library calls 96138->96195 96144 b5bbe0 40 API calls 96140->96144 96147 b5ba4e 96140->96147 96148 ba0322 96140->96148 96152 b5bbd0 96140->96152 96156 b6d336 40 API calls 96140->96156 96140->96157 96161 b5ec40 96140->96161 96185 b5a81b 41 API calls 96140->96185 96186 b6d2f0 40 API calls 96140->96186 96187 b6a01b 349 API calls 96140->96187 96188 b70242 5 API calls __Init_thread_wait 96140->96188 96189 b6edcd 22 API calls 96140->96189 96190 b700a3 29 API calls __onexit 96140->96190 96191 b701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96140->96191 96192 b6ee53 82 API calls 96140->96192 96193 b6e5ca 349 API calls 96140->96193 96197 b5aceb 96140->96197 96207 baf6bf 23 API calls 96140->96207 96208 b5a8c7 22 API calls __fread_nolock 96140->96208 96142 
ba03d9 96142->96142 96144->96140 96147->96128 96209 bd5c0c 82 API calls 96148->96209 96152->96128 96156->96140 96157->96152 96210 bc359c 82 API calls __wsopen_s 96157->96210 96182 b5ec76 ISource 96161->96182 96162 b70242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96162->96182 96163 b700a3 29 API calls pre_c_initialization 96163->96182 96165 b5fef7 96178 b5ed9d ISource 96165->96178 96214 b5a8c7 22 API calls __fread_nolock 96165->96214 96166 b6fddb 22 API calls 96166->96182 96168 ba4b0b 96216 bc359c 82 API calls __wsopen_s 96168->96216 96169 b5a8c7 22 API calls 96169->96182 96170 ba4600 96170->96178 96213 b5a8c7 22 API calls __fread_nolock 96170->96213 96176 b5fbe3 96176->96178 96179 ba4bdc 96176->96179 96184 b5f3ae ISource 96176->96184 96177 b5a961 22 API calls 96177->96182 96178->96140 96217 bc359c 82 API calls __wsopen_s 96179->96217 96181 ba4beb 96218 bc359c 82 API calls __wsopen_s 96181->96218 96182->96162 96182->96163 96182->96165 96182->96166 96182->96168 96182->96169 96182->96170 96182->96176 96182->96177 96182->96178 96182->96181 96183 b701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96182->96183 96182->96184 96211 b601e0 349 API calls 2 library calls 96182->96211 96212 b606a0 41 API calls ISource 96182->96212 96183->96182 96184->96178 96215 bc359c 82 API calls __wsopen_s 96184->96215 96185->96140 96186->96140 96187->96140 96188->96140 96189->96140 96190->96140 96191->96140 96192->96140 96193->96140 96194->96138 96195->96157 96196->96140 96198 b5acf9 96197->96198 96206 b5ad2a ISource 96197->96206 96199 b5ad55 96198->96199 96200 b5ad01 ISource 96198->96200 96199->96206 96219 b5a8c7 22 API calls __fread_nolock 96199->96219 96202 b9fa48 96200->96202 96203 b5ad21 96200->96203 96200->96206 96202->96206 96220 b6ce17 22 API calls ISource 96202->96220 96204 b9fa3a VariantClear 96203->96204 96203->96206 96204->96206 96206->96140 96207->96140 96208->96140 
96209->96157 96210->96142 96211->96182 96212->96182 96213->96178 96214->96178 96215->96178 96216->96178 96217->96181 96218->96178 96219->96206 96220->96206 96221 b5f7bf 96222 b5fcb6 96221->96222 96223 b5f7d3 96221->96223 96224 b5aceb 23 API calls 96222->96224 96225 b5fcc2 96223->96225 96226 b6fddb 22 API calls 96223->96226 96224->96225 96227 b5aceb 23 API calls 96225->96227 96228 b5f7e5 96226->96228 96230 b5fd3d 96227->96230 96228->96225 96229 b5f83e 96228->96229 96228->96230 96253 b5ed9d ISource 96229->96253 96256 b61310 96229->96256 96316 bc1155 22 API calls 96230->96316 96234 b5fef7 96234->96253 96318 b5a8c7 22 API calls __fread_nolock 96234->96318 96236 ba4b0b 96320 bc359c 82 API calls __wsopen_s 96236->96320 96237 b5a8c7 22 API calls 96252 b5ec76 ISource 96237->96252 96238 ba4600 96238->96253 96317 b5a8c7 22 API calls __fread_nolock 96238->96317 96244 b5fbe3 96246 ba4bdc 96244->96246 96244->96253 96255 b5f3ae ISource 96244->96255 96245 b5a961 22 API calls 96245->96252 96321 bc359c 82 API calls __wsopen_s 96246->96321 96248 b700a3 29 API calls pre_c_initialization 96248->96252 96249 b70242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96249->96252 96250 ba4beb 96322 bc359c 82 API calls __wsopen_s 96250->96322 96251 b6fddb 22 API calls 96251->96252 96252->96234 96252->96236 96252->96237 96252->96238 96252->96244 96252->96245 96252->96248 96252->96249 96252->96250 96252->96251 96252->96253 96254 b701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96252->96254 96252->96255 96314 b601e0 349 API calls 2 library calls 96252->96314 96315 b606a0 41 API calls ISource 96252->96315 96254->96252 96255->96253 96319 bc359c 82 API calls __wsopen_s 96255->96319 96257 b61376 96256->96257 96258 b617b0 96256->96258 96259 b61390 96257->96259 96260 ba6331 96257->96260 96381 b70242 5 API calls __Init_thread_wait 96258->96381 96323 b61940 96259->96323 96263 ba633d 96260->96263 96385 
bd709c 349 API calls 96260->96385 96263->96252 96265 b617ba 96267 b617fb 96265->96267 96269 b59cb3 22 API calls 96265->96269 96271 ba6346 96267->96271 96273 b6182c 96267->96273 96268 b61940 9 API calls 96270 b613b6 96268->96270 96276 b617d4 96269->96276 96270->96267 96272 b613ec 96270->96272 96386 bc359c 82 API calls __wsopen_s 96271->96386 96272->96271 96296 b61408 __fread_nolock 96272->96296 96274 b5aceb 23 API calls 96273->96274 96277 b61839 96274->96277 96382 b701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96276->96382 96383 b6d217 349 API calls 96277->96383 96280 ba636e 96300 ba6369 96280->96300 96387 bc359c 82 API calls __wsopen_s 96280->96387 96281 b6152f 96283 b6153c 96281->96283 96284 ba63d1 96281->96284 96285 b61940 9 API calls 96283->96285 96389 bd5745 54 API calls _wcslen 96284->96389 96287 b61549 96285->96287 96291 ba64fa 96287->96291 96293 b61940 9 API calls 96287->96293 96288 b6fddb 22 API calls 96288->96296 96289 b61872 96384 b6faeb 23 API calls 96289->96384 96290 b6fe0b 22 API calls 96290->96296 96291->96300 96391 bc359c 82 API calls __wsopen_s 96291->96391 96298 b61563 96293->96298 96295 b5ec40 349 API calls 96295->96296 96296->96277 96296->96280 96296->96281 96296->96288 96296->96290 96296->96295 96297 ba63b2 96296->96297 96296->96300 96388 bc359c 82 API calls __wsopen_s 96297->96388 96298->96291 96303 b615c7 ISource 96298->96303 96390 b5a8c7 22 API calls __fread_nolock 96298->96390 96300->96252 96302 b61940 9 API calls 96302->96303 96303->96289 96303->96291 96303->96300 96303->96302 96306 b6167b ISource 96303->96306 96333 b6f645 96303->96333 96340 be29bf 96303->96340 96344 be19bc 96303->96344 96347 bda67c CreateToolhelp32Snapshot Process32FirstW 96303->96347 96367 bc5c5a 96303->96367 96372 bdab67 96303->96372 96375 bdabf7 96303->96375 96304 b6171d 96304->96252 96306->96304 96380 b6ce17 22 API calls ISource 96306->96380 96314->96252 96315->96252 96316->96253 96317->96253 96318->96253 96319->96253 96320->96253 96321->96250 
96322->96253 96324 b61981 96323->96324 96328 b6195d 96323->96328 96392 b70242 5 API calls __Init_thread_wait 96324->96392 96326 b6198b 96326->96328 96393 b701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96326->96393 96332 b613a0 96328->96332 96394 b70242 5 API calls __Init_thread_wait 96328->96394 96329 b68727 96329->96332 96395 b701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96329->96395 96332->96268 96396 b5b567 96333->96396 96335 b6f659 96336 baf2dc Sleep 96335->96336 96337 b6f661 timeGetTime 96335->96337 96338 b5b567 39 API calls 96337->96338 96339 b6f677 96338->96339 96339->96303 96341 be29cb 96340->96341 96342 be2a01 GetForegroundWindow 96341->96342 96343 be29d1 96341->96343 96342->96343 96343->96303 96402 be2ad8 96344->96402 96346 be19cb 96346->96303 96351 bda6c3 96347->96351 96348 b5a961 22 API calls 96348->96351 96349 b59cb3 22 API calls 96349->96351 96351->96348 96351->96349 96352 b56350 22 API calls 96351->96352 96353 b57510 53 API calls 96351->96353 96356 bda796 Process32NextW 96351->96356 96440 b5525f 96351->96440 96482 b6ce60 41 API calls 96351->96482 96483 bdb574 22 API calls __fread_nolock 96351->96483 96352->96351 96353->96351 96356->96351 96357 bda7aa CloseHandle 96356->96357 96358 b563eb 22 API calls 96357->96358 96359 bda7b9 96358->96359 96484 b56a50 22 API calls 96359->96484 96361 bda7cd 96485 b604f0 22 API calls 96361->96485 96363 b604f0 22 API calls 96366 bda7d9 96363->96366 96364 bda87d 96364->96303 96366->96363 96366->96364 96486 b562b5 22 API calls 96366->96486 96368 b57510 53 API calls 96367->96368 96369 bc5c6d 96368->96369 96507 bbdbbe lstrlenW 96369->96507 96371 bc5c77 96371->96303 96512 bdaff9 96372->96512 96376 bdaff9 217 API calls 96375->96376 96378 bdac0c 96376->96378 96377 bdac54 96377->96303 96378->96377 96379 b5aceb 23 API calls 96378->96379 96379->96377 96380->96306 96381->96265 96382->96267 96383->96289 96384->96289 96385->96263 96386->96300 96387->96300 96388->96300 96389->96298 
96390->96303 96391->96300 96392->96326 96393->96328 96394->96329 96395->96332 96397 b5b578 96396->96397 96398 b5b57f 96396->96398 96397->96398 96401 b762d1 39 API calls _strftime 96397->96401 96398->96335 96400 b5b5c2 96400->96335 96401->96400 96403 b5aceb 23 API calls 96402->96403 96404 be2af3 96403->96404 96405 be2aff 96404->96405 96406 be2b1d 96404->96406 96412 b57510 96405->96412 96408 b56b57 22 API calls 96406->96408 96409 be2b1b 96408->96409 96409->96346 96413 b57525 96412->96413 96414 b57522 96412->96414 96415 b5752d 96413->96415 96416 b5755b 96413->96416 96414->96409 96435 b5a8c7 22 API calls __fread_nolock 96414->96435 96436 b751c6 26 API calls 96415->96436 96418 b950f6 96416->96418 96419 b5756d 96416->96419 96426 b9500f 96416->96426 96439 b75183 26 API calls 96418->96439 96437 b6fb21 51 API calls 96419->96437 96420 b5753d 96425 b6fddb 22 API calls 96420->96425 96423 b9510e 96423->96423 96427 b57547 96425->96427 96429 b6fe0b 22 API calls 96426->96429 96434 b95088 96426->96434 96428 b59cb3 22 API calls 96427->96428 96428->96414 96431 b95058 96429->96431 96430 b6fddb 22 API calls 96432 b9507f 96430->96432 96431->96430 96433 b59cb3 22 API calls 96432->96433 96433->96434 96438 b6fb21 51 API calls 96434->96438 96435->96409 96436->96420 96437->96420 96438->96418 96439->96423 96441 b5a961 22 API calls 96440->96441 96442 b55275 96441->96442 96443 b5a961 22 API calls 96442->96443 96444 b5527d 96443->96444 96445 b5a961 22 API calls 96444->96445 96446 b55285 96445->96446 96447 b5a961 22 API calls 96446->96447 96448 b5528d 96447->96448 96449 b552c1 96448->96449 96450 b93df5 96448->96450 96452 b56d25 22 API calls 96449->96452 96502 b5a8c7 22 API calls __fread_nolock 96450->96502 96454 b552cf 96452->96454 96453 b93dfe 96455 b5a6c3 22 API calls 96453->96455 96456 b593b2 22 API calls 96454->96456 96458 b55304 96455->96458 96457 b552d9 96456->96457 96457->96458 96459 b56d25 22 API calls 96457->96459 96460 b55349 96458->96460 96461 b55325 96458->96461 96477 b93e20 
96458->96477 96463 b552fa 96459->96463 96487 b56d25 96460->96487 96461->96460 96466 b54c6d 22 API calls 96461->96466 96465 b593b2 22 API calls 96463->96465 96464 b5535a 96467 b55370 96464->96467 96500 b5a8c7 22 API calls __fread_nolock 96464->96500 96465->96458 96469 b55332 96466->96469 96468 b55384 96467->96468 96501 b5a8c7 22 API calls __fread_nolock 96467->96501 96471 b5538f 96468->96471 96504 b5a8c7 22 API calls __fread_nolock 96468->96504 96469->96460 96474 b56d25 22 API calls 96469->96474 96470 b56b57 22 API calls 96479 b93ee0 96470->96479 96481 b5539a 96471->96481 96505 b5a8c7 22 API calls __fread_nolock 96471->96505 96474->96460 96477->96470 96478 b54c6d 22 API calls 96478->96479 96479->96460 96479->96478 96503 b549bd 22 API calls __fread_nolock 96479->96503 96481->96351 96482->96351 96483->96351 96484->96361 96485->96366 96486->96366 96488 b56d34 96487->96488 96489 b56d91 96487->96489 96488->96489 96490 b56d3f 96488->96490 96491 b593b2 22 API calls 96489->96491 96493 b94c9d 96490->96493 96494 b56d5a 96490->96494 96492 b56d62 __fread_nolock 96491->96492 96492->96464 96496 b6fddb 22 API calls 96493->96496 96506 b56f34 22 API calls 96494->96506 96497 b94ca7 96496->96497 96498 b6fe0b 22 API calls 96497->96498 96499 b94cda 96498->96499 96500->96467 96501->96468 96502->96453 96503->96479 96504->96471 96505->96481 96506->96492 96508 bbdbdc GetFileAttributesW 96507->96508 96509 bbdc06 96507->96509 96508->96509 96510 bbdbe8 FindFirstFileW 96508->96510 96509->96371 96510->96509 96511 bbdbf9 FindClose 96510->96511 96511->96509 96513 bdb01d ___scrt_fastfail 96512->96513 96514 bdb058 96513->96514 96515 bdb094 96513->96515 96516 b5b567 39 API calls 96514->96516 96517 b5b567 39 API calls 96515->96517 96522 bdb08b 96515->96522 96518 bdb063 96516->96518 96521 bdb0a5 96517->96521 96518->96522 96525 b5b567 39 API calls 96518->96525 96519 bdb0ed 96520 b57510 53 API calls 96519->96520 96523 bdb10b 96520->96523 96524 b5b567 39 API calls 96521->96524 96522->96519 96526 b5b567 39 
API calls 96522->96526 96603 b57620 96523->96603 96524->96522 96528 bdb078 96525->96528 96526->96519 96530 b5b567 39 API calls 96528->96530 96529 bdb115 96531 bdb11f 96529->96531 96532 bdb1d8 96529->96532 96530->96522 96533 b57510 53 API calls 96531->96533 96534 bdb20a GetCurrentDirectoryW 96532->96534 96537 b57510 53 API calls 96532->96537 96535 bdb130 96533->96535 96536 b6fe0b 22 API calls 96534->96536 96539 b57620 22 API calls 96535->96539 96540 bdb22f GetCurrentDirectoryW 96536->96540 96538 bdb1ef 96537->96538 96541 b57620 22 API calls 96538->96541 96542 bdb13a 96539->96542 96543 bdb23c 96540->96543 96544 bdb1f9 _wcslen 96541->96544 96545 b57510 53 API calls 96542->96545 96547 bdb275 96543->96547 96610 b59c6e 22 API calls 96543->96610 96544->96534 96544->96547 96546 bdb14b 96545->96546 96548 b57620 22 API calls 96546->96548 96552 bdb28b 96547->96552 96553 bdb287 96547->96553 96550 bdb155 96548->96550 96554 b57510 53 API calls 96550->96554 96551 bdb255 96611 b59c6e 22 API calls 96551->96611 96613 bc07c0 10 API calls 96552->96613 96562 bdb2f8 96553->96562 96563 bdb39a CreateProcessW 96553->96563 96557 bdb166 96554->96557 96559 b57620 22 API calls 96557->96559 96558 bdb265 96612 b59c6e 22 API calls 96558->96612 96564 bdb170 96559->96564 96561 bdb294 96614 bc06e6 10 API calls 96561->96614 96616 bb11c8 39 API calls 96562->96616 96580 bdb32f _wcslen 96563->96580 96568 bdb1a6 GetSystemDirectoryW 96564->96568 96572 b57510 53 API calls 96564->96572 96567 bdb2fd 96570 bdb32a 96567->96570 96571 bdb323 96567->96571 96574 b6fe0b 22 API calls 96568->96574 96569 bdb2aa 96615 bc05a7 8 API calls 96569->96615 96618 bb14ce 6 API calls 96570->96618 96617 bb1201 128 API calls 2 library calls 96571->96617 96576 bdb187 96572->96576 96579 bdb1cb GetSystemDirectoryW 96574->96579 96582 b57620 22 API calls 96576->96582 96578 bdb2d0 96578->96553 96579->96543 96584 bdb42f CloseHandle 96580->96584 96585 bdb3d6 GetLastError 96580->96585 96581 bdb328 96581->96580 96583 bdb191 _wcslen 
96582->96583 96583->96543 96583->96568 96586 bdb43f 96584->96586 96602 bdb49a 96584->96602 96593 bdb41a 96585->96593 96588 bdb446 CloseHandle 96586->96588 96589 bdb451 96586->96589 96588->96589 96591 bdb458 CloseHandle 96589->96591 96592 bdb463 96589->96592 96590 bdb4a6 96590->96593 96591->96592 96594 bdb46a CloseHandle 96592->96594 96595 bdb475 96592->96595 96607 bc0175 96593->96607 96594->96595 96619 bc09d9 34 API calls 96595->96619 96598 bdb486 96620 bdb536 25 API calls 96598->96620 96599 bdb4d2 CloseHandle 96599->96593 96602->96590 96602->96599 96604 b5762a _wcslen 96603->96604 96605 b6fe0b 22 API calls 96604->96605 96606 b5763f 96605->96606 96606->96529 96621 bc030f 96607->96621 96610->96551 96611->96558 96612->96547 96613->96561 96614->96569 96615->96578 96616->96567 96617->96581 96618->96580 96619->96598 96620->96602 96622 bc0329 96621->96622 96623 bc0321 CloseHandle 96621->96623 96624 bc032e CloseHandle 96622->96624 96625 bc0336 96622->96625 96623->96622 96624->96625 96626 bc033b CloseHandle 96625->96626 96627 bc0343 96625->96627 96626->96627 96628 bc0348 CloseHandle 96627->96628 96629 bc0350 96627->96629 96628->96629 96630 bc035d 96629->96630 96631 bc0355 CloseHandle 96629->96631 96632 bc017d 96630->96632 96633 bc0362 CloseHandle 96630->96633 96631->96630 96632->96303 96633->96632 96634 be2a55 96642 bc1ebc 96634->96642 96637 be2a70 96644 bb39c0 22 API calls 96637->96644 96638 be2a87 96640 be2a7c 96645 bb417d 22 API calls __fread_nolock 96640->96645 96643 bc1ec3 IsWindow 96642->96643 96643->96637 96643->96638 96644->96640 96645->96638 96646 b703fb 96647 b70407 ___scrt_is_nonwritable_in_current_image 96646->96647 96675 b6feb1 96647->96675 96649 b7040e 96650 b70561 96649->96650 96653 b70438 96649->96653 96705 b7083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96650->96705 96652 b70568 96698 b74e52 96652->96698 96663 b70477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 
96653->96663 96686 b8247d 96653->96686 96660 b70457 96662 b704d8 96694 b70959 96662->96694 96663->96662 96701 b74e1a 38 API calls 3 library calls 96663->96701 96666 b704de 96667 b704f3 96666->96667 96702 b70992 GetModuleHandleW 96667->96702 96669 b704fa 96669->96652 96670 b704fe 96669->96670 96671 b70507 96670->96671 96703 b74df5 28 API calls _abort 96670->96703 96704 b70040 13 API calls 2 library calls 96671->96704 96674 b7050f 96674->96660 96676 b6feba 96675->96676 96707 b70698 IsProcessorFeaturePresent 96676->96707 96678 b6fec6 96708 b72c94 10 API calls 3 library calls 96678->96708 96680 b6fecb 96685 b6fecf 96680->96685 96709 b82317 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96680->96709 96682 b6fee6 96682->96649 96683 b6fed8 96683->96682 96710 b72cbd 8 API calls 3 library calls 96683->96710 96685->96649 96689 b82494 96686->96689 96688 b70451 96688->96660 96690 b82421 96688->96690 96711 b70a8c 96689->96711 96692 b82450 96690->96692 96691 b70a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96693 b82479 96691->96693 96692->96691 96693->96663 96719 b72340 96694->96719 96696 b7096c GetStartupInfoW 96697 b7097f 96696->96697 96697->96666 96721 b74bcf 96698->96721 96701->96662 96702->96669 96703->96671 96704->96674 96705->96652 96707->96678 96708->96680 96709->96683 96710->96685 96712 b70a97 IsProcessorFeaturePresent 96711->96712 96713 b70a95 96711->96713 96715 b70c5d 96712->96715 96713->96688 96718 b70c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96715->96718 96717 b70d40 96717->96688 96718->96717 96720 b72357 96719->96720 96720->96696 96720->96720 96722 b74bdb pair 96721->96722 96723 b74bf4 96722->96723 96724 b74be2 96722->96724 96745 b82f5e EnterCriticalSection 96723->96745 96760 b74d29 GetModuleHandleW 96724->96760 96727 b74be7 96727->96723 96761 b74d6d 
GetModuleHandleExW 96727->96761 96728 b74c99 96749 b74cd9 96728->96749 96732 b74c70 96736 b74c88 96732->96736 96740 b82421 _abort 5 API calls 96732->96740 96734 b74cb6 96752 b74ce8 96734->96752 96735 b74ce2 96769 b91d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 96735->96769 96741 b82421 _abort 5 API calls 96736->96741 96740->96736 96741->96728 96742 b74bfb 96742->96728 96742->96732 96746 b821a8 96742->96746 96745->96742 96770 b81ee1 96746->96770 96789 b82fa6 LeaveCriticalSection 96749->96789 96751 b74cb2 96751->96734 96751->96735 96790 b8360c 96752->96790 96755 b74d16 96758 b74d6d _abort 8 API calls 96755->96758 96756 b74cf6 GetPEB 96756->96755 96757 b74d06 GetCurrentProcess TerminateProcess 96756->96757 96757->96755 96759 b74d1e ExitProcess 96758->96759 96760->96727 96762 b74d97 GetProcAddress 96761->96762 96763 b74dba 96761->96763 96766 b74dac 96762->96766 96764 b74dc0 FreeLibrary 96763->96764 96765 b74dc9 96763->96765 96764->96765 96767 b70a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96765->96767 96766->96763 96768 b74bf3 96767->96768 96768->96723 96773 b81e90 96770->96773 96772 b81f05 96772->96732 96774 b81e9c ___scrt_is_nonwritable_in_current_image 96773->96774 96781 b82f5e EnterCriticalSection 96774->96781 96776 b81eaa 96782 b81f31 96776->96782 96780 b81ec8 __fread_nolock 96780->96772 96781->96776 96785 b81f59 96782->96785 96787 b81f51 96782->96787 96783 b70a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96784 b81eb7 96783->96784 96788 b81ed5 LeaveCriticalSection _abort 96784->96788 96786 b829c8 _free 20 API calls 96785->96786 96785->96787 96786->96787 96787->96783 96788->96780 96789->96751 96791 b83631 96790->96791 96792 b83627 96790->96792 96797 b82fd7 5 API calls 2 library calls 96791->96797 96794 
b70a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96792->96794 96795 b74cf2 96794->96795 96795->96755 96795->96756 96796 b83648 96796->96792 96797->96796 96798 b51098 96803 b542de 96798->96803 96802 b510a7 96804 b5a961 22 API calls 96803->96804 96805 b542f5 GetVersionExW 96804->96805 96806 b56b57 22 API calls 96805->96806 96807 b54342 96806->96807 96808 b593b2 22 API calls 96807->96808 96818 b54378 96807->96818 96809 b5436c 96808->96809 96811 b537a0 22 API calls 96809->96811 96810 b5441b GetCurrentProcess IsWow64Process 96812 b54437 96810->96812 96811->96818 96813 b5444f LoadLibraryA 96812->96813 96814 b93824 GetSystemInfo 96812->96814 96815 b54460 GetProcAddress 96813->96815 96816 b5449c GetSystemInfo 96813->96816 96815->96816 96820 b54470 GetNativeSystemInfo 96815->96820 96817 b54476 96816->96817 96821 b5109d 96817->96821 96822 b5447a FreeLibrary 96817->96822 96818->96810 96819 b937df 96818->96819 96820->96817 96823 b700a3 29 API calls __onexit 96821->96823 96822->96821 96823->96802 96824 b5105b 96829 b5344d 96824->96829 96826 b5106a 96860 b700a3 29 API calls __onexit 96826->96860 96828 b51074 96830 b5345d __wsopen_s 96829->96830 96831 b5a961 22 API calls 96830->96831 96832 b53513 96831->96832 96833 b53a5a 24 API calls 96832->96833 96834 b5351c 96833->96834 96861 b53357 96834->96861 96837 b533c6 22 API calls 96838 b53535 96837->96838 96839 b5515f 22 API calls 96838->96839 96840 b53544 96839->96840 96841 b5a961 22 API calls 96840->96841 96842 b5354d 96841->96842 96843 b5a6c3 22 API calls 96842->96843 96844 b53556 RegOpenKeyExW 96843->96844 96845 b93176 RegQueryValueExW 96844->96845 96850 b53578 96844->96850 96846 b9320c RegCloseKey 96845->96846 96847 b93193 96845->96847 96846->96850 96859 b9321e _wcslen 96846->96859 96848 b6fe0b 22 API calls 96847->96848 96849 b931ac 96848->96849 96852 b55722 22 API calls 96849->96852 96850->96826 96851 b54c6d 22 API calls 96851->96859 96853 

                                                        Control-flow Graph

                                                        APIs
                                                        • GetVersionExW.KERNEL32(?), ref: 00B5430D
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                        • GetCurrentProcess.KERNEL32(?,00BECB64,00000000,?,?), ref: 00B54422
                                                        • IsWow64Process.KERNEL32(00000000,?,?), ref: 00B54429
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00B54454
                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00B54466
                                                        • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00B54474
                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00B5447B
                                                        • GetSystemInfo.KERNEL32(?,?,?), ref: 00B544A0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                        • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                        • API String ID: 3290436268-3101561225
                                                        • Opcode ID: 92ff46c64f27ed8d3880bd91d681ecf9efd3bba94f2e83c191d4e74478582042
                                                        • Instruction ID: e24796157f1e3cdc35be3eed7d250c0812f3500cf92cfd127d974ead971aafe7
                                                        • Opcode Fuzzy Hash: 92ff46c64f27ed8d3880bd91d681ecf9efd3bba94f2e83c191d4e74478582042
                                                        • Instruction Fuzzy Hash: E3A19F6696A3C0CBCB31CB69788579D7FE6AB36704B0C58E9DC4197F31D6304A4ACB21

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00B550AA,?,?,00000000,00000000), ref: 00B542B2
                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00B550AA,?,?,00000000,00000000), ref: 00B542C9
                                                        • LoadResource.KERNEL32(?,00000000,?,?,00B550AA,?,?,00000000,00000000,?,?,?,?,?,?,00B54F20), ref: 00B935BE
                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00B550AA,?,?,00000000,00000000,?,?,?,?,?,?,00B54F20), ref: 00B935D3
                                                        • LockResource.KERNEL32(00B550AA,?,?,00B550AA,?,?,00000000,00000000,?,?,?,?,?,?,00B54F20,?), ref: 00B935E6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                        • String ID: SCRIPT
                                                        • API String ID: 3051347437-3967369404
                                                        • Opcode ID: c4d6785b3ac87d1133ae2d02c5681ae3f33754ea3563984663f3b29478e5dcf8
                                                        • Instruction ID: c880077a2ff284e09d48a06dda90ab90623dee3ccda88bbd37801f64dd9ca362
                                                        • Opcode Fuzzy Hash: c4d6785b3ac87d1133ae2d02c5681ae3f33754ea3563984663f3b29478e5dcf8
                                                        • Instruction Fuzzy Hash: 39117070200741BFEB218B65DC88F277BF9EBC5B56F1441A9B9029A150DB71D8458620

                                                        Control-flow Graph

                                                        APIs
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00B52B6B
                                                          • Part of subcall function 00B53A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C21418,?,00B52E7F,?,?,?,00000000), ref: 00B53A78
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • GetForegroundWindow.USER32(runas,?,?,?,?,?,00C12224), ref: 00B92C10
                                                        • ShellExecuteW.SHELL32(00000000,?,?,00C12224), ref: 00B92C17
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                        • String ID: runas
                                                        • API String ID: 448630720-4000483414
                                                        • Opcode ID: 8e5caf6ac5075ba653f134c0fb04994fb1ca4b7951c7bbe2fac0fed76bce5041
                                                        • Instruction ID: cae59f4b70cecf9f46a60f910e074795fe30794b67d74817597b5f0a674f3681
                                                        • Opcode Fuzzy Hash: 8e5caf6ac5075ba653f134c0fb04994fb1ca4b7951c7bbe2fac0fed76bce5041
                                                        • Instruction Fuzzy Hash: 8C11D531204345AACB14FF20D891BAD7BE4DFA6782F4804ECBD46031A2DF20894E9712

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00BDA6AC
                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00BDA6BA
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00BDA79C
                                                        • CloseHandle.KERNELBASE(00000000), ref: 00BDA7AB
                                                          • Part of subcall function 00B6CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00B93303,?), ref: 00B6CE8A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                        • String ID:
                                                        • API String ID: 1991900642-0
                                                        • Opcode ID: 7fc414efc345f5702a61146e9af26acee2473f3a4a9dbd73da82b2392485669a
                                                        • Instruction ID: 417b68561b770de64fadc4ba996439148bcedd01ba8b6fbe0a5b2ff2bcf3297e
                                                        • Opcode Fuzzy Hash: 7fc414efc345f5702a61146e9af26acee2473f3a4a9dbd73da82b2392485669a
                                                        • Instruction Fuzzy Hash: 8E515D71508300AFD710EF24D886A6BBBE8FF89754F40499DF98997252EB31D908CB92

                                                        Control-flow Graph

                                                        APIs
                                                        • lstrlenW.KERNEL32(?,00B95222), ref: 00BBDBCE
                                                        • GetFileAttributesW.KERNELBASE(?), ref: 00BBDBDD
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BBDBEE
                                                        • FindClose.KERNEL32(00000000), ref: 00BBDBFA
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                        • String ID:
                                                        • API String ID: 2695905019-0
                                                        • Opcode ID: e5b2c776b197f412ac63cc2e4483f3cfc403426cbe41fbc8b30c0bb00b0cecb5
                                                        • Instruction ID: 32aa32ee30afca23db85c94eb594c509efdbeefb3b25f5cdee182ed47e7fa3c7
                                                        • Opcode Fuzzy Hash: e5b2c776b197f412ac63cc2e4483f3cfc403426cbe41fbc8b30c0bb00b0cecb5
                                                        • Instruction Fuzzy Hash: 0CF0A0308109105B82206F78AC4E8BA3FACDE01334B104B42F936C20E0FFF45D568696
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(00B828E9,?,00B74CBE,00B828E9,00C188B8,0000000C,00B74E15,00B828E9,00000002,00000000,?,00B828E9), ref: 00B74D09
                                                        • TerminateProcess.KERNEL32(00000000,?,00B74CBE,00B828E9,00C188B8,0000000C,00B74E15,00B828E9,00000002,00000000,?,00B828E9), ref: 00B74D10
                                                        • ExitProcess.KERNEL32 ref: 00B74D22
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentExitTerminate
                                                        • String ID:
                                                        • API String ID: 1703294689-0
                                                        • Opcode ID: 26cbb3ad80d06ed48053d2b7dbf951daed57a266597d44ec2fce9f41589c7304
                                                        • Instruction ID: 02ff83f3b441de8da06f03f9784d36791def29647c96095c55ec8dfb19b91bfe
                                                        • Opcode Fuzzy Hash: 26cbb3ad80d06ed48053d2b7dbf951daed57a266597d44ec2fce9f41589c7304
                                                        • Instruction Fuzzy Hash: 9BE0B631000188AFCF21AF54DD59A583FA9EB42B82F118064FC699B132DB35ED52CB84

                                                        Control-flow Graph

                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00BDB198
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00BDB1B0
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00BDB1D4
                                                        • _wcslen.LIBCMT ref: 00BDB200
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00BDB214
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00BDB236
                                                        • _wcslen.LIBCMT ref: 00BDB332
                                                          • Part of subcall function 00BC05A7: GetStdHandle.KERNEL32(000000F6), ref: 00BC05C6
                                                        • _wcslen.LIBCMT ref: 00BDB34B
                                                        • _wcslen.LIBCMT ref: 00BDB366
                                                        • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00BDB3B6
                                                        • GetLastError.KERNEL32(00000000), ref: 00BDB407
                                                        • CloseHandle.KERNEL32(?), ref: 00BDB439
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BDB44A
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BDB45C
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BDB46E
                                                        • CloseHandle.KERNEL32(?), ref: 00BDB4E3
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 2178637699-0
                                                        • Opcode ID: f06f712aea1e311f9bd42554362e6f46e46f7be671af107214057136810ac6e3
                                                        • Instruction ID: 6a925d4068c4f39dc9beda6909aa63ae7a833a1fc3a46e82a133bbb994fb1f3a
                                                        • Opcode Fuzzy Hash: f06f712aea1e311f9bd42554362e6f46e46f7be671af107214057136810ac6e3
                                                        • Instruction Fuzzy Hash: D7F16831608240DFC714EF24D891B6ABBE1EF85314F15859EF8999B3A2EB31EC05CB52
                                                        APIs
                                                        • GetInputState.USER32 ref: 00B5D807
                                                        • timeGetTime.WINMM ref: 00B5DA07
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B5DB28
                                                        • TranslateMessage.USER32(?), ref: 00B5DB7B
                                                        • DispatchMessageW.USER32(?), ref: 00B5DB89
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B5DB9F
                                                        • Sleep.KERNELBASE(0000000A), ref: 00B5DBB1
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                        • String ID:
                                                        • API String ID: 2189390790-0
                                                        • Opcode ID: d7edb5c0479bac1403599af5b719b9909c9c2d5085398e58dc561cfb25d8307c
                                                        • Instruction ID: 8cd32535284e1f2ebeb04cf56a90041dfd4b57ed09fc30a74fdd1164980102f9
                                                        • Opcode Fuzzy Hash: d7edb5c0479bac1403599af5b719b9909c9c2d5085398e58dc561cfb25d8307c
                                                        • Instruction Fuzzy Hash: FA42D130608341EFD735CF28C884BAABBE5FF46315F5486E9E955872A1D770E848CB92

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00B52D07
                                                        • RegisterClassExW.USER32(00000030), ref: 00B52D31
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B52D42
                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00B52D5F
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B52D6F
                                                        • LoadIconW.USER32(000000A9), ref: 00B52D85
                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B52D94
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                        • API String ID: 2914291525-1005189915
                                                        • Opcode ID: 4b47632183485ad1ddefa21a4f8834baecafa4ad28010ef24ea69859b0610558
                                                        • Instruction ID: 8562e6c930e7fc236ddf21bf3091c6a312f9e45a3aba10da2ec163c25eb3e0f6
                                                        • Opcode Fuzzy Hash: 4b47632183485ad1ddefa21a4f8834baecafa4ad28010ef24ea69859b0610558
                                                        • Instruction Fuzzy Hash: 4721C3B5911358AFDB10EFA4E889BDDBFB4FB08701F04411AF911AB2A0DBB54586CF91

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 00B9039A: CreateFileW.KERNELBASE(00000000,00000000,?,00B90704,?,?,00000000,?,00B90704,00000000,0000000C), ref: 00B903B7
                                                        • GetLastError.KERNEL32 ref: 00B9076F
                                                        • __dosmaperr.LIBCMT ref: 00B90776
                                                        • GetFileType.KERNELBASE(00000000), ref: 00B90782
                                                        • GetLastError.KERNEL32 ref: 00B9078C
                                                        • __dosmaperr.LIBCMT ref: 00B90795
                                                        • CloseHandle.KERNEL32(00000000), ref: 00B907B5
                                                        • CloseHandle.KERNEL32(?), ref: 00B908FF
                                                        • GetLastError.KERNEL32 ref: 00B90931
                                                        • __dosmaperr.LIBCMT ref: 00B90938
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                        • String ID: H
                                                        • API String ID: 4237864984-2852464175
                                                        • Opcode ID: 129ec6459d3c0a9f4bfcea26ce0717f5a3bfffe381f6db671a664cde7e9f3f5a
                                                        • Instruction ID: d9cc470c186069e5bd6c42a1357f2b4ee8e14033b09d0391795a2797aee5940f
                                                        • Opcode Fuzzy Hash: 129ec6459d3c0a9f4bfcea26ce0717f5a3bfffe381f6db671a664cde7e9f3f5a
                                                        • Instruction Fuzzy Hash: D2A12932A241058FDF19FF68D8917AD7BE0EB06320F2441A9F8159F2A2DB359C13CB55

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 00B53A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C21418,?,00B52E7F,?,?,?,00000000), ref: 00B53A78
                                                          • Part of subcall function 00B53357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B53379
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00B5356A
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00B9318D
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00B931CE
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B93210
                                                        • _wcslen.LIBCMT ref: 00B93277
                                                        • _wcslen.LIBCMT ref: 00B93286
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                        • API String ID: 98802146-2727554177
                                                        • Opcode ID: a9f849cd7a605a0c660972d199dc54d76901aed7167dca12f2c0074da86ad023
                                                        • Instruction ID: b0642f59d05e24959f446aa57ea859e5aa5272364d5657784991c1c6fbcbb77f
                                                        • Opcode Fuzzy Hash: a9f849cd7a605a0c660972d199dc54d76901aed7167dca12f2c0074da86ad023
                                                        • Instruction Fuzzy Hash: B3716C71414301AEC724DF69EC81A6FBBE8FF95740B4008AEF945971B1EB349A4ACB52

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00B52B8E
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00B52B9D
                                                        • LoadIconW.USER32(00000063), ref: 00B52BB3
                                                        • LoadIconW.USER32(000000A4), ref: 00B52BC5
                                                        • LoadIconW.USER32(000000A2), ref: 00B52BD7
                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00B52BEF
                                                        • RegisterClassExW.USER32(?), ref: 00B52C40
                                                          • Part of subcall function 00B52CD4: GetSysColorBrush.USER32(0000000F), ref: 00B52D07
                                                          • Part of subcall function 00B52CD4: RegisterClassExW.USER32(00000030), ref: 00B52D31
                                                          • Part of subcall function 00B52CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B52D42
                                                          • Part of subcall function 00B52CD4: InitCommonControlsEx.COMCTL32(?), ref: 00B52D5F
                                                          • Part of subcall function 00B52CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B52D6F
                                                          • Part of subcall function 00B52CD4: LoadIconW.USER32(000000A9), ref: 00B52D85
                                                          • Part of subcall function 00B52CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B52D94
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                        • String ID: #$0$AutoIt v3
                                                        • API String ID: 423443420-4155596026
                                                        • Opcode ID: 137284b6a951945e2a98f04b4174271505834a2642af0c0dbf0d433aaf1e9f16
                                                        • Instruction ID: c736b2af768461db4587144e4174cd08c682e116277a65c0f19ea475dadedc2d
                                                        • Opcode Fuzzy Hash: 137284b6a951945e2a98f04b4174271505834a2642af0c0dbf0d433aaf1e9f16
                                                        • Instruction Fuzzy Hash: 34211075E10354ABDB20DF95EC95BAD7FB5FB58B50F08006AEA00A7A70D7B50542CF90

                                                        Control-flow Graph (entry block b53170-b53185; rendered graph not included in text)
                                                        APIs
                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00B5316A,?,?), ref: 00B531D8
                                                        • KillTimer.USER32(?,00000001,?,?,?,?,?,00B5316A,?,?), ref: 00B53204
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B53227
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00B5316A,?,?), ref: 00B53232
                                                        • CreatePopupMenu.USER32 ref: 00B53246
                                                        • PostQuitMessage.USER32(00000000), ref: 00B53267
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                        • String ID: TaskbarCreated
                                                        • API String ID: 129472671-2362178303
                                                        • Opcode ID: 4005bd1e4cc47c53c19beb37492446eb3c75a088b509d74e46de7a62607e9187
                                                        • Instruction ID: 1da8204c03bdaa80250b3e9e8c29711c75b83cfc3a7282dd57827814c6d9be9b
                                                        • Opcode Fuzzy Hash: 4005bd1e4cc47c53c19beb37492446eb3c75a088b509d74e46de7a62607e9187
                                                        • Instruction Fuzzy Hash: F4416B31610644B7DF24AB389C89B7D3AD9EB15B82F0801F5FD02967A1CB728E4A9761

                                                        Control-flow Graph (entry block b51410-b51449; rendered graph not included in text)
                                                        APIs
                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00B51459
                                                        • CoUninitialize.COMBASE ref: 00B514F8
                                                        • UnregisterHotKey.USER32(?), ref: 00B516DD
                                                        • DestroyWindow.USER32(?), ref: 00B924B9
                                                        • FreeLibrary.KERNEL32(?), ref: 00B9251E
                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00B9254B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                        • String ID: close all
                                                        • API String ID: 469580280-3243417748
                                                        • Opcode ID: df9789ce1677e5e3ff95fdb5a1b29a7eada7968e8e05d4d56b84da6c9471b740
                                                        • Instruction ID: f03ad3a32ae6bf5fbcc710e5fe78260cbb1aff5d2c825464bffbd98c6dfccd6c
                                                        • Opcode Fuzzy Hash: df9789ce1677e5e3ff95fdb5a1b29a7eada7968e8e05d4d56b84da6c9471b740
                                                        • Instruction Fuzzy Hash: 4CD16831A022129FCB29EF19D899B29FBE4BF05701F1545EDE84A6B252DB30AD16CF50

                                                        Control-flow Graph (single block b52c63-b52cd3: CreateWindowExW * 2, ShowWindow * 2; rendered graph not included in text)
                                                        APIs
                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00B52C91
                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00B52CB2
                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00B51CAD,?), ref: 00B52CC6
                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00B51CAD,?), ref: 00B52CCF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$CreateShow
                                                        • String ID: AutoIt v3$edit
                                                        • API String ID: 1584632944-3779509399
                                                        • Opcode ID: 27db6bd7769d090f61e1ca064ffc39d7ae22f281b1e210cfbcc15d71ddf23f9d
                                                        • Instruction ID: 383717b5b8cf77efe5de14627e73c1d91e38a07777884a87107588813fc0689b
                                                        • Opcode Fuzzy Hash: 27db6bd7769d090f61e1ca064ffc39d7ae22f281b1e210cfbcc15d71ddf23f9d
                                                        • Instruction Fuzzy Hash: EFF03A755503D47AEB314B13AC48F7B2EBED7DAF50B05006AFD00A79B0C6754842DAB0

                                                        Control-flow Graph (entry block b53b1c-b53b27; rendered graph not included in text)
                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00B53B0F,SwapMouseButtons,00000004,?), ref: 00B53B40
                                                        • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00B53B0F,SwapMouseButtons,00000004,?), ref: 00B53B61
                                                        • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00B53B0F,SwapMouseButtons,00000004,?), ref: 00B53B83
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue
                                                        • String ID: Control Panel\Mouse
                                                        • API String ID: 3677997916-824357125
                                                        • Opcode ID: 930133b28ade10618af0b6b2f00fdf72fc43618b4bf028cd8e643b00be7ada0a
                                                        • Instruction ID: d8e5e65c1237d219e667edd22e006b83757a32e8060e040992909a17411533e2
                                                        • Opcode Fuzzy Hash: 930133b28ade10618af0b6b2f00fdf72fc43618b4bf028cd8e643b00be7ada0a
                                                        • Instruction Fuzzy Hash: 1F112AB5510218FFDB21CFA5DC84AAEBBF8EF04B85B104499F805D7210D6319F459B60
                                                        APIs
                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00B933A2
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B53A04
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                        • String ID: Line:
                                                        • API String ID: 2289894680-1585850449
                                                        • Opcode ID: 75d5be1f5304286b8e6eb234c8ce075814bad2bd07a7a576155a8b862602ef18
                                                        • Instruction ID: ad3bd3bfea91ae86d10be598dc1dc0773299e843d65315cec9dbdc59be2967e5
                                                        • Opcode Fuzzy Hash: 75d5be1f5304286b8e6eb234c8ce075814bad2bd07a7a576155a8b862602ef18
                                                        • Instruction Fuzzy Hash: 0F31C371408304AAC721EB20DC45BEFB7D8AF50B51F0449EAFD99935A1DB70964DCBC6
                                                        APIs
                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00B70668
                                                          • Part of subcall function 00B732A4: RaiseException.KERNEL32(?,?,?,00B7068A,?,00C21444,?,?,?,?,?,?,00B7068A,00B51129,00C18738,00B51129), ref: 00B73304
                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00B70685
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                        • String ID: Unknown exception
                                                        • API String ID: 3476068407-410509341
                                                        • Opcode ID: 05225e5e82ef7105e867b492ea1471b5f3273bec27c805daa8dd97eb6b597aa3
                                                        • Instruction ID: dbd2f83f98e117baf16dc659d420f1b33678c086e3458d7db3ca36b4ce114d43
                                                        • Opcode Fuzzy Hash: 05225e5e82ef7105e867b492ea1471b5f3273bec27c805daa8dd97eb6b597aa3
                                                        • Instruction Fuzzy Hash: C5F0C83490420EB7CB00B664E896CAE77ED9E40350B60C1F2B93C955D2EF71EA69C5C0
                                                        APIs
                                                          • Part of subcall function 00B51BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B51BF4
                                                          • Part of subcall function 00B51BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00B51BFC
                                                          • Part of subcall function 00B51BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B51C07
                                                          • Part of subcall function 00B51BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B51C12
                                                          • Part of subcall function 00B51BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00B51C1A
                                                          • Part of subcall function 00B51BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00B51C22
                                                          • Part of subcall function 00B51B4A: RegisterWindowMessageW.USER32(00000004,?,00B512C4), ref: 00B51BA2
                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00B5136A
                                                        • OleInitialize.OLE32 ref: 00B51388
                                                        • CloseHandle.KERNEL32(00000000,00000000), ref: 00B924AB
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                        • String ID:
                                                        • API String ID: 1986988660-0
                                                        • Opcode ID: 1552303e366f25ee6830fe4bd952eb6190af15e254c359e9886e36335db74fce
                                                        • Instruction ID: 4bf449c0a1eacc496ae87f20187611664c389766facfa0194dc43b97195ecd96
                                                        • Opcode Fuzzy Hash: 1552303e366f25ee6830fe4bd952eb6190af15e254c359e9886e36335db74fce
                                                        • Instruction Fuzzy Hash: 3371A0B99213448EC7A4EF79A88575D3AE0FBA834531D46BADC0AD7BA1EB304407CF40
                                                        APIs
                                                          • Part of subcall function 00B53923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B53A04
                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00BBC259
                                                        • KillTimer.USER32(?,00000001,?,?), ref: 00BBC261
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00BBC270
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_Timer$Kill
                                                        • String ID:
                                                        • API String ID: 3500052701-0
                                                        • Opcode ID: 41a1ac02d97322b3c264e3a5e8dd7ab08cc01494d60036a6934388279737c720
                                                        • Instruction ID: 0a10ec28f7978e5beb0d0e61e328572814f13bb2e0bc57c6c0963ab59ed99c6c
                                                        • Opcode Fuzzy Hash: 41a1ac02d97322b3c264e3a5e8dd7ab08cc01494d60036a6934388279737c720
                                                        • Instruction Fuzzy Hash: CC318170904384AFEB32DF64C895BEABFEC9B16304F0404DAD59AA7241C7B45A85CB51
                                                        APIs
                                                        • CloseHandle.KERNELBASE(00000000,00000000,?,?,00B885CC,?,00C18CC8,0000000C), ref: 00B88704
                                                        • GetLastError.KERNEL32(?,00B885CC,?,00C18CC8,0000000C), ref: 00B8870E
                                                        • __dosmaperr.LIBCMT ref: 00B88739
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseErrorHandleLast__dosmaperr
                                                        • String ID:
                                                        • API String ID: 2583163307-0
                                                        APIs
                                                        • TranslateMessage.USER32(?), ref: 00B5DB7B
                                                        • DispatchMessageW.USER32(?), ref: 00B5DB89
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B5DB9F
                                                        • Sleep.KERNELBASE(0000000A), ref: 00B5DBB1
                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 00BA1CC9
                                                        Similarity
                                                        • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                        • String ID:
                                                        • API String ID: 3288985973-0
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 00B617F6
                                                        Similarity
                                                        • API ID: Init_thread_footer
                                                        • String ID: CALL
                                                        • API String ID: 1385522511-4196123274
                                                        APIs
                                                        • GetOpenFileNameW.COMDLG32(?), ref: 00B92C8C
                                                          • Part of subcall function 00B53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B53A97,?,?,00B52E7F,?,?,?,00000000), ref: 00B53AC2
                                                          • Part of subcall function 00B52DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00B52DC4
                                                        Similarity
                                                        • API ID: Name$Path$FileFullLongOpen
                                                        • String ID: X
                                                        • API String ID: 779396738-3081909835
                                                        APIs
                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B53908
                                                        Similarity
                                                        • API ID: IconNotifyShell_
                                                        • String ID:
                                                        • API String ID: 1144537725-0
                                                        APIs
                                                        • timeGetTime.WINMM ref: 00B6F661
                                                          • Part of subcall function 00B5D730: GetInputState.USER32 ref: 00B5D807
                                                        • Sleep.KERNEL32(00000000), ref: 00BAF2DE
                                                        Similarity
                                                        • API ID: InputSleepStateTimetime
                                                        • String ID:
                                                        • API String ID: 4149333218-0
                                                        APIs
                                                        • __Init_thread_footer.LIBCMT ref: 00B5BB4E
                                                        Similarity
                                                        • API ID: Init_thread_footer
                                                        • String ID:
                                                        • API String ID: 1385522511-0
                                                        APIs
                                                          • Part of subcall function 00B54E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B54EDD,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54E9C
                                                          • Part of subcall function 00B54E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B54EAE
                                                          • Part of subcall function 00B54E90: FreeLibrary.KERNEL32(00000000,?,?,00B54EDD,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54EC0
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54EFD
                                                          • Part of subcall function 00B54E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B93CDE,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54E62
                                                          • Part of subcall function 00B54E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B54E74
                                                          • Part of subcall function 00B54E59: FreeLibrary.KERNEL32(00000000,?,?,00B93CDE,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54E87
                                                        Similarity
                                                        • API ID: Library$Load$AddressFreeProc
                                                        • String ID:
                                                        • API String ID: 2632591731-0
                                                        APIs
                                                        Similarity
                                                        • API ID: __wsopen_s
                                                        • String ID:
                                                        • API String ID: 3347428461-0
                                                        APIs
                                                        • GetForegroundWindow.USER32(00000000,?,?,?,00BE14B5,?), ref: 00BE2A01
                                                        Similarity
                                                        • API ID: ForegroundWindow
                                                        • String ID:
                                                        • API String ID: 2020703349-0
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00000000,?,00C21444,?,00B6FDF5,?,?,00B5A976,00000010,00C21440,00B513FC,?,00B513C6,?,00B51129), ref: 00B83852
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54F6D
                                                        Similarity
                                                        • API ID: FreeLibrary
                                                        • String ID:
                                                        • API String ID: 3664257935-0
                                                        APIs
                                                        • IsWindow.USER32(00000000), ref: 00BE2A66
                                                        Similarity
                                                        • API ID: Window
                                                        • String ID:
                                                        • API String ID: 2353593579-0
                                                        • Opcode ID: 484bd50bd17587a3302b74ccd63d58755a836d0e92742375c7774cf1a883fed9
                                                        • Instruction ID: d224e0df27c0cd4f4d91dbd436dbe13f7e8b1d810d52dffb37e9a1a6c17dd11c
                                                        • Opcode Fuzzy Hash: 484bd50bd17587a3302b74ccd63d58755a836d0e92742375c7774cf1a883fed9
                                                        • Instruction Fuzzy Hash: 1CE0DF32340156AAC710EB31ECC08FA77CCEB1039470444BAAC16D2100DB30898182E0
                                                        APIs
                                                        • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00B5314E
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_
                                                        • String ID:
                                                        • API String ID: 1144537725-0
                                                        • Opcode ID: 30de924f111f465b8ac91e191efca625c9537d71fdacdab7c88c0f8423e8e5b4
                                                        • Instruction ID: 2f5289ccce60948425b20f95ee9ed561c09250fea9b0978fa86449cd43e932a4
                                                        • Opcode Fuzzy Hash: 30de924f111f465b8ac91e191efca625c9537d71fdacdab7c88c0f8423e8e5b4
                                                        • Instruction Fuzzy Hash: 0AF0A7709103489FEB62DB24DC457D97BFCA701708F0400E5A54897291DB704789CF45
                                                        APIs
                                                        • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00B52DC4
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LongNamePath_wcslen
                                                        • String ID:
                                                        • API String ID: 541455249-0
                                                        • Opcode ID: baf0f0588250b5c9c8107d3550ae906a8003a3529a3cb90d6c3c505863288ce7
                                                        • Instruction ID: a2bfeaa017b5e6456234c88c45fe3c2274c043a4946a79cf0c0d6cac7a985697
                                                        • Opcode Fuzzy Hash: baf0f0588250b5c9c8107d3550ae906a8003a3529a3cb90d6c3c505863288ce7
                                                        • Instruction Fuzzy Hash: 23E0CD726001245BCB1096589C06FEA77DDDFC8790F0400F1FD09D7248D970AD848550
                                                        APIs
                                                          • Part of subcall function 00B53837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B53908
                                                          • Part of subcall function 00B5D730: GetInputState.USER32 ref: 00B5D807
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00B52B6B
                                                          • Part of subcall function 00B530F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00B5314E
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                        • String ID:
                                                        • API String ID: 3667716007-0
                                                        • Opcode ID: 7981544086315060b793f14b4b9a2f69eebd717dbc6dba364841f7dd73aad2f5
                                                        • Instruction ID: 527fd62939affe8293e6843fb25761c314e3e4aefc2a285267412a112f955adf
                                                        • Opcode Fuzzy Hash: 7981544086315060b793f14b4b9a2f69eebd717dbc6dba364841f7dd73aad2f5
                                                        • Instruction Fuzzy Hash: 32E0262230028406CA08BB30A8527ADA7D98BE1793F4409FEFD46832A3CE20494E8311
                                                        APIs
                                                        • CreateFileW.KERNELBASE(00000000,00000000,?,00B90704,?,?,00000000,?,00B90704,00000000,0000000C), ref: 00B903B7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 1140e84bdc3618dc6f10839c591cfbea2d43753468518498fa217ff7f7cd484e
                                                        • Instruction ID: 53b967a1d235960e3aad47b547f29de451025b936917f0d900a3dce6ed6a2123
                                                        • Opcode Fuzzy Hash: 1140e84bdc3618dc6f10839c591cfbea2d43753468518498fa217ff7f7cd484e
                                                        • Instruction Fuzzy Hash: 97D06C3204014DBBDF028F84DD46EDA3FAAFB48714F014000BE1866020C732E822AB91
                                                        APIs
                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00B51CBC
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: InfoParametersSystem
                                                        • String ID:
                                                        • API String ID: 3098949447-0
                                                        • Opcode ID: 6df07ba01de04ecd8b723ced051d6c26413d1c9cd689b4f8988007a0d8aa8e29
                                                        • Instruction ID: c7bc17be632f10fc4550b4f3ff87de2c03c8ec813cd344b6a0a73cdd58793e79
                                                        • Opcode Fuzzy Hash: 6df07ba01de04ecd8b723ced051d6c26413d1c9cd689b4f8988007a0d8aa8e29
                                                        • Instruction Fuzzy Hash: 2AC09B35290344BFF224CB80BC4BF147755A35CB00F048001FA09599F3C7A11411F650
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00BE961A
                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BE965B
                                                        • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00BE969F
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BE96C9
                                                        • SendMessageW.USER32 ref: 00BE96F2
                                                        • GetKeyState.USER32(00000011), ref: 00BE978B
                                                        • GetKeyState.USER32(00000009), ref: 00BE9798
                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BE97AE
                                                        • GetKeyState.USER32(00000010), ref: 00BE97B8
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BE97E9
                                                        • SendMessageW.USER32 ref: 00BE9810
                                                        • SendMessageW.USER32(?,00001030,?,00BE7E95), ref: 00BE9918
                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00BE992E
                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00BE9941
                                                        • SetCapture.USER32(?), ref: 00BE994A
                                                        • ClientToScreen.USER32(?,?), ref: 00BE99AF
                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00BE99BC
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00BE99D6
                                                        • ReleaseCapture.USER32 ref: 00BE99E1
                                                        • GetCursorPos.USER32(?), ref: 00BE9A19
                                                        • ScreenToClient.USER32(?,?), ref: 00BE9A26
                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00BE9A80
                                                        • SendMessageW.USER32 ref: 00BE9AAE
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00BE9AEB
                                                        • SendMessageW.USER32 ref: 00BE9B1A
                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00BE9B3B
                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00BE9B4A
                                                        • GetCursorPos.USER32(?), ref: 00BE9B68
                                                        • ScreenToClient.USER32(?,?), ref: 00BE9B75
                                                        • GetParent.USER32(?), ref: 00BE9B93
                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00BE9BFA
                                                        • SendMessageW.USER32 ref: 00BE9C2B
                                                        • ClientToScreen.USER32(?,?), ref: 00BE9C84
                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00BE9CB4
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00BE9CDE
                                                        • SendMessageW.USER32 ref: 00BE9D01
                                                        • ClientToScreen.USER32(?,?), ref: 00BE9D4E
                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00BE9D82
                                                          • Part of subcall function 00B69944: GetWindowLongW.USER32(?,000000EB), ref: 00B69952
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE9E05
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                        • String ID: @GUI_DRAGID$F
                                                        • API String ID: 3429851547-4164748364
                                                        • Opcode ID: d4df30de6235003f5b1089dd6351bc806b617be2f013a5ffb60202dbd63d8f7c
                                                        • Instruction ID: 081ccc323912790ee6bfc55e0117e5a7eadd6e22244b4042dfc1e3292eabf349
                                                        • Opcode Fuzzy Hash: d4df30de6235003f5b1089dd6351bc806b617be2f013a5ffb60202dbd63d8f7c
                                                        • Instruction Fuzzy Hash: 85428F34204281AFDB24DF25CC84BAABBF5FF49310F14469AFA59872A1DB31EC59CB51
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00BE48F3
                                                        • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00BE4908
                                                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00BE4927
                                                        • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00BE494B
                                                        • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00BE495C
                                                        • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00BE497B
                                                        • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00BE49AE
                                                        • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00BE49D4
                                                        • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00BE4A0F
                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00BE4A56
                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00BE4A7E
                                                        • IsMenu.USER32(?), ref: 00BE4A97
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BE4AF2
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BE4B20
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE4B94
                                                        • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00BE4BE3
                                                        • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00BE4C82
                                                        • wsprintfW.USER32 ref: 00BE4CAE
                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BE4CC9
                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00BE4CF1
                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00BE4D13
                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BE4D33
                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00BE4D5A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                        • String ID: %d/%02d/%02d
                                                        • API String ID: 4054740463-328681919
                                                        • Opcode ID: 83be20edd9fe4f8ec59d75e1ebf55aabf0bd089254c27aa6b090ae6f20c42310
                                                        • Instruction ID: 4201f77922b3ce27a78c03fe78b828dd79d0a83f50409c0e097b886fb3597a9f
                                                        • Opcode Fuzzy Hash: 83be20edd9fe4f8ec59d75e1ebf55aabf0bd089254c27aa6b090ae6f20c42310
                                                        • Instruction Fuzzy Hash: 0212C171900294AFEB248F25DC89FAE7BF8EF45710F1042A9F919EB2D1DB749941CB50
                                                        APIs
                                                        • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00B6F998
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BAF474
                                                        • IsIconic.USER32(00000000), ref: 00BAF47D
                                                        • ShowWindow.USER32(00000000,00000009), ref: 00BAF48A
                                                        • SetForegroundWindow.USER32(00000000), ref: 00BAF494
                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BAF4AA
                                                        • GetCurrentThreadId.KERNEL32 ref: 00BAF4B1
                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BAF4BD
                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 00BAF4CE
                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 00BAF4D6
                                                        • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00BAF4DE
                                                        • SetForegroundWindow.USER32(00000000), ref: 00BAF4E1
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BAF4F6
                                                        • keybd_event.USER32(00000012,00000000), ref: 00BAF501
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BAF50B
                                                        • keybd_event.USER32(00000012,00000000), ref: 00BAF510
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BAF519
                                                        • keybd_event.USER32(00000012,00000000), ref: 00BAF51E
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BAF528
                                                        • keybd_event.USER32(00000012,00000000), ref: 00BAF52D
                                                        • SetForegroundWindow.USER32(00000000), ref: 00BAF530
                                                        • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00BAF557
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 4125248594-2988720461
                                                        • Opcode ID: 9ea21230d7a31a9635878df907b21425f652c398fd636078ead701778d967710
                                                        • Instruction ID: 336fae6449b3a0faf6a3d29db49b9fd7d9e5747fffd054f5ea5e04fc0e9467c1
                                                        • Opcode Fuzzy Hash: 9ea21230d7a31a9635878df907b21425f652c398fd636078ead701778d967710
                                                        • Instruction Fuzzy Hash: 62313271A402587FEB206BF55C8AFBF7EADEB45B50F100065FA01EB1D1CBB19D01AA60
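Triage aid, added here by the editor; it is not Joe Sandbox code and not part of the analysed sample. The script parses API listing lines in the form this report uses ("• API.MODULE(args), ref: ADDR", including the indented "Part of subcall function" lines) and flags function entries whose combined API set supports signatures named in the report header. The chain rules are the editor's own assumption chosen to mirror those signature names; the sample listing is an abridged copy of the Shell_TrayWnd foreground-forcing entry above, of the LogonUserW/DuplicateTokenEx/OpenWindowStationW/OpenDesktopW entry that follows it, and of the lone CreateFileW entry as a negative control.

```python
"""Flag suspicious Win32 API chains in Joe Sandbox IDA-plugin function listings.

Added example for triaging this report; not Joe Sandbox code and not part of
the analysed sample. CHAIN_RULES is the editor's own assumption, chosen to
mirror signature names in the report header. SAMPLE_LISTING is an abridged
copy of three function entries from this page.
"""
import re

# One API line of a function entry, e.g.
#   • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00BB1286
#   • GetCurrentThreadId.KERNEL32 ref: 00BAF4B1            (no argument list)
#   • Part of subcall function 00BB16C3: AdjustTokenPrivileges.ADVAPI32(...), ref: 00BB173A
API_LINE = re.compile(
    r"(?:Part of subcall function (?P<callee>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)

# Editor's assumption: API sets whose joint presence in one function entry
# (direct calls plus the listed subcalls) supports the named header signature.
CHAIN_RULES = {
    "launch a process as a different user":
        {"LogonUserW", "DuplicateTokenEx", "OpenWindowStationW", "OpenDesktopW"},
    "simulate keystroke presses / force foreground window":
        {"AttachThreadInput", "keybd_event", "SetForegroundWindow"},
    "adjust token privileges":
        {"LookupPrivilegeValueW", "AdjustTokenPrivileges"},
}

# Abridged copy of three entries from this report (constructed sample input).
SAMPLE_LISTING = """\
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00B6F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BAF474
• SetForegroundWindow.USER32(00000000), ref: 00BAF494
• GetCurrentThreadId.KERNEL32 ref: 00BAF4B1
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00BAF4CE
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00BAF4F6
• keybd_event.USER32(00000012,00000000), ref: 00BAF501
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00BAF557
Strings
Memory Dump Source
APIs
  • Part of subcall function 00BB16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BB170D
  • Part of subcall function 00BB16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BB173A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00BB1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00BB12A8
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00BB12D1
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00BB1310
Strings
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00B90704,?,?,00000000,?,00B90704,00000000,0000000C), ref: 00B903B7
Memory Dump Source
"""


def parse_entries(text):
    """Split a listing into function entries; each entry is a list of call dicts.

    An entry starts at an "APIs" line and ends at "Strings" or "Memory Dump
    Source". Lines outside an entry (dump sources, hashes) are ignored.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            entries.append(current)
            continue
        if line in ("Strings", "Memory Dump Source"):
            current = None
            continue
        if current is None:
            continue
        m = API_LINE.search(line)
        if m:
            call = m.groupdict()
            call["args"] = [a for a in (call["args"] or "").split(",") if a]
            current.append(call)
    return entries


def match_chains(entry, rules=CHAIN_RULES):
    """Names of rules whose whole API set appears in this entry."""
    apis = {call["api"] for call in entry}
    return [name for name, needed in rules.items() if needed <= apis]


def triage(text, rules=CHAIN_RULES):
    """(label, [rule names]) for every entry that matches at least one rule.

    The label is the ref address of the entry's first direct call, since the
    listing does not state the containing function's start address.
    """
    results = []
    for entry in parse_entries(text):
        direct = [c for c in entry if not c["callee"]]
        label = (direct or entry)[0]["ref"] if entry else "?"
        hits = match_chains(entry, rules)
        if hits:
            results.append((label, hits))
    return results


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LISTING):
        print(f"{label}: {', '.join(hits)}")
```

Two caveats when reading the hits: the listing is static, so a function that contains a chain is not evidence the chain ran in this analysis, and hits should be checked against the behavioural sections of the report; and because the header classifies the binary as a likely compiled AutoIt script, the AttachThreadInput/keybd_event/SetForegroundWindow sequence around Shell_TrayWnd and the LogonUserW/DuplicateTokenEx sequence with winsta0/default are most plausibly the embedded interpreter's WinActivate and RunAs implementations, which an AutoIt-compiled binary carries whether or not the packed script ever calls them.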
                                                        APIs
                                                          • Part of subcall function 00BB16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BB170D
                                                          • Part of subcall function 00BB16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BB173A
                                                          • Part of subcall function 00BB16C3: GetLastError.KERNEL32 ref: 00BB174A
                                                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00BB1286
                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00BB12A8
                                                        • CloseHandle.KERNEL32(?), ref: 00BB12B9
                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00BB12D1
                                                        • GetProcessWindowStation.USER32 ref: 00BB12EA
                                                        • SetProcessWindowStation.USER32(00000000), ref: 00BB12F4
                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00BB1310
                                                          • Part of subcall function 00BB10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00BB11FC), ref: 00BB10D4
                                                          • Part of subcall function 00BB10BF: CloseHandle.KERNEL32(?,?,00BB11FC), ref: 00BB10E9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                        • String ID: $default$winsta0
                                                        • API String ID: 22674027-1027155976
                                                        • Opcode ID: 91cd0434f83e8ed713f136b65968eff68f5f389b0d21300ebb24574a3dd1cf90
                                                        • Instruction ID: d612688e35fa1cf099f1fd9ce4940d89a4aa3e3264d5d74b3fb22da7e206af89
                                                        • Opcode Fuzzy Hash: 91cd0434f83e8ed713f136b65968eff68f5f389b0d21300ebb24574a3dd1cf90
                                                        • Instruction Fuzzy Hash: 16817871900249AFDF209FA8DC99BFE7BB9EF04704F1445A9F910B62A0DBB18945CB20
                                                        APIs
                                                          • Part of subcall function 00BB10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BB1114
                                                          • Part of subcall function 00BB10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB1120
                                                          • Part of subcall function 00BB10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB112F
                                                          • Part of subcall function 00BB10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB1136
                                                          • Part of subcall function 00BB10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BB114D
                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00BB0BCC
                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00BB0C00
                                                        • GetLengthSid.ADVAPI32(?), ref: 00BB0C17
                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00BB0C51
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00BB0C6D
                                                        • GetLengthSid.ADVAPI32(?), ref: 00BB0C84
                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00BB0C8C
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00BB0C93
                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00BB0CB4
                                                        • CopySid.ADVAPI32(00000000), ref: 00BB0CBB
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00BB0CEA
                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00BB0D0C
                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00BB0D1E
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0D45
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0D4C
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0D55
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0D5C
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0D65
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0D6C
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00BB0D78
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0D7F
                                                          • Part of subcall function 00BB1193: GetProcessHeap.KERNEL32(00000008,00BB0BB1,?,00000000,?,00BB0BB1,?), ref: 00BB11A1
                                                          • Part of subcall function 00BB1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00BB0BB1,?), ref: 00BB11A8
                                                          • Part of subcall function 00BB1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00BB0BB1,?), ref: 00BB11B7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                        • String ID:
                                                        • API String ID: 4175595110-0
                                                        • Opcode ID: 98115bfac8f66686cd929a8dd1fdc20177f34be7d9142c15c94eb7ff91f555c6
                                                        • Instruction ID: dc8b9b0c783a43171a6951339a90a9e2a417c50647634609ab4405c5a4bba685
                                                        • Opcode Fuzzy Hash: 98115bfac8f66686cd929a8dd1fdc20177f34be7d9142c15c94eb7ff91f555c6
                                                        • Instruction Fuzzy Hash: 0A713E7190024AABDF10EFA4DC84BFFBBB9FF05310F1446A5E915A7191DBB1A905CB60
                                                        APIs
                                                        • OpenClipboard.USER32(00BECC08), ref: 00BCEB29
                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00BCEB37
                                                        • GetClipboardData.USER32(0000000D), ref: 00BCEB43
                                                        • CloseClipboard.USER32 ref: 00BCEB4F
                                                        • GlobalLock.KERNEL32(00000000), ref: 00BCEB87
                                                        • CloseClipboard.USER32 ref: 00BCEB91
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BCEBBC
                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00BCEBC9
                                                        • GetClipboardData.USER32(00000001), ref: 00BCEBD1
                                                        • GlobalLock.KERNEL32(00000000), ref: 00BCEBE2
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BCEC22
                                                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 00BCEC38
                                                        • GetClipboardData.USER32(0000000F), ref: 00BCEC44
                                                        • GlobalLock.KERNEL32(00000000), ref: 00BCEC55
                                                        • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00BCEC77
                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00BCEC94
                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00BCECD2
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BCECF3
                                                        • CountClipboardFormats.USER32 ref: 00BCED14
                                                        • CloseClipboard.USER32 ref: 00BCED59
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                        • String ID:
                                                        • API String ID: 420908878-0
                                                        • Opcode ID: a45b49ebfaec9f93d216bb43dd27c6089322cc6c0ed78b0593a1cae9081cd103
                                                        • Instruction ID: 0f2f192c9fa841ff6cb6b690e4c90a12b6e512b44c62f800834b437c781f919d
                                                        • Opcode Fuzzy Hash: a45b49ebfaec9f93d216bb43dd27c6089322cc6c0ed78b0593a1cae9081cd103
                                                        • Instruction Fuzzy Hash: F3619A34204241AFD310EF24D885F6ABBE4EF84714F1445ADF9669B2A2DF31DD0ACB62
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BC69BE
                                                        • FindClose.KERNEL32(00000000), ref: 00BC6A12
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BC6A4E
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BC6A75
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BC6AB2
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BC6ADF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                        • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                        • API String ID: 3830820486-3289030164
                                                        • Opcode ID: c67e36dd6201e798eddccb16530afea9ebea7b0169e5c8635e69b5b83cec551b
                                                        • Instruction ID: 022f204e2f40e33380e88e5c3da7b3848e0ead2b94f051249417dcc8fc2e25b3
                                                        • Opcode Fuzzy Hash: c67e36dd6201e798eddccb16530afea9ebea7b0169e5c8635e69b5b83cec551b
                                                        • Instruction Fuzzy Hash: 52D15071508340AFC314EBA4D881EABB7ECEF88705F44499DF989C7191EB74DA49CB62
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00BC9663
                                                        • GetFileAttributesW.KERNEL32(?), ref: 00BC96A1
                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00BC96BB
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00BC96D3
                                                        • FindClose.KERNEL32(00000000), ref: 00BC96DE
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00BC96FA
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC974A
                                                        • SetCurrentDirectoryW.KERNEL32(00C16B7C), ref: 00BC9768
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BC9772
                                                        • FindClose.KERNEL32(00000000), ref: 00BC977F
                                                        • FindClose.KERNEL32(00000000), ref: 00BC978F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                        • String ID: *.*
                                                        • API String ID: 1409584000-438819550
                                                        • Opcode ID: 7be035ac5c971f45fccb12cf79b8765e30a4957fb770ba93327543d1f58e97ef
                                                        • Instruction ID: af10cf3fdac623e4fb88cf739f9444957acac47b40993eeb8b2489623ace7153
                                                        • Opcode Fuzzy Hash: 7be035ac5c971f45fccb12cf79b8765e30a4957fb770ba93327543d1f58e97ef
                                                        • Instruction Fuzzy Hash: C931B0325412596BEB20AFB4DC4DFDE7BECEF09320F1041AAE915E31A0DB74DD818A64
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00BC97BE
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00BC9819
                                                        • FindClose.KERNEL32(00000000), ref: 00BC9824
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00BC9840
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC9890
                                                        • SetCurrentDirectoryW.KERNEL32(00C16B7C), ref: 00BC98AE
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BC98B8
                                                        • FindClose.KERNEL32(00000000), ref: 00BC98C5
                                                        • FindClose.KERNEL32(00000000), ref: 00BC98D5
                                                          • Part of subcall function 00BBDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00BBDB00
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                        • String ID: *.*
                                                        • API String ID: 2640511053-438819550
                                                        • Opcode ID: ec7bc0302a95f6c3528ce219358ebf091b8dcc8cbf2a772e60a42a80a3c60eb6
                                                        • Instruction ID: 24401168cbf8abe156514683acca3c9ac1e09cd9925b88c94e36f0fa15ca3404
                                                        • Opcode Fuzzy Hash: ec7bc0302a95f6c3528ce219358ebf091b8dcc8cbf2a772e60a42a80a3c60eb6
                                                        • Instruction Fuzzy Hash: BD31F3315002596AEB20AFA4DC48FDE77ECDF06360F1040A9E964A30D0DB71DE859A24
                                                        APIs
                                                          • Part of subcall function 00BDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BDB6AE,?,?), ref: 00BDC9B5
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDC9F1
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA68
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA9E
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BDBF3E
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00BDBFA9
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BDBFCD
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00BDC02C
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00BDC0E7
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00BDC154
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00BDC1E9
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00BDC23A
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00BDC2E3
                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00BDC382
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BDC38F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                        • String ID:
                                                        • API String ID: 3102970594-0
                                                        • Opcode ID: 14d7ed7d3d7f9a60c68489a32063af2eade89154072f8d9aa75a4d23b3672ee2
                                                        • Instruction ID: f182f6c6eb5b0a7689fa3b595eacd04888785d3451cdc98dd262f786c87a11db
                                                        • Opcode Fuzzy Hash: 14d7ed7d3d7f9a60c68489a32063af2eade89154072f8d9aa75a4d23b3672ee2
                                                        • Instruction Fuzzy Hash: BD023A716042019FD714DF28C895E2ABBE5EF49318F18849DF84A9B3A2EB31ED46CB51
                                                        APIs
                                                        • GetLocalTime.KERNEL32(?), ref: 00BC8257
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BC8267
                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00BC8273
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BC8310
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC8324
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC8356
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BC838C
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC8395
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectoryTime$File$Local$System
                                                        • String ID: *.*
                                                        • API String ID: 1464919966-438819550
                                                        • Opcode ID: 83fb05a3d6e8af736c2f106d5fbf76f6be15ce8a447ea58ded3ca01f78ede21f
                                                        • Instruction ID: 3bf66dde73be1c5f2fd26a80efaef264650390fd64e271bfaafc78a6469b8d35
                                                        • Opcode Fuzzy Hash: 83fb05a3d6e8af736c2f106d5fbf76f6be15ce8a447ea58ded3ca01f78ede21f
                                                        • Instruction Fuzzy Hash: F4617C725043459FC710EF60D884EAEB7E8FF89310F04899EF99997251EB31E949CB92
                                                        APIs
                                                          • Part of subcall function 00B53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B53A97,?,?,00B52E7F,?,?,?,00000000), ref: 00B53AC2
                                                          • Part of subcall function 00BBE199: GetFileAttributesW.KERNEL32(?,00BBCF95), ref: 00BBE19A
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BBD122
                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00BBD1DD
                                                        • MoveFileW.KERNEL32(?,?), ref: 00BBD1F0
                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 00BBD20D
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BBD237
                                                          • Part of subcall function 00BBD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00BBD21C,?,?), ref: 00BBD2B2
                                                        • FindClose.KERNEL32(00000000,?,?,?), ref: 00BBD253
                                                        • FindClose.KERNEL32(00000000), ref: 00BBD264
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                        • String ID: \*.*
                                                        • API String ID: 1946585618-1173974218
                                                        • Opcode ID: 3eebe193049bc7612b261eb2430368a771d0b53abc6618ddb454e0d8dd894486
                                                        • Instruction ID: d027b70d0cb380970b06446287b97b7245793c2c5a20584e8f37b02ed596d97f
                                                        • Opcode Fuzzy Hash: 3eebe193049bc7612b261eb2430368a771d0b53abc6618ddb454e0d8dd894486
                                                        • Instruction Fuzzy Hash: 07614C3180114DABCF05EBA4C992AFDB7F5AF15341F2441E5E80277192EB75AF0ADB60
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                        • String ID:
                                                        • API String ID: 1737998785-0
                                                        • Opcode ID: 40e06977a0b08225a13018a9abf50d752a494776c71dd9d1e1b831eae1c14b6d
                                                        • Instruction ID: 41545ac5520d704bb5ea67fd6e232e6d22a952d5443d0a23ff9234e1ef5f3ab7
                                                        • Opcode Fuzzy Hash: 40e06977a0b08225a13018a9abf50d752a494776c71dd9d1e1b831eae1c14b6d
                                                        • Instruction Fuzzy Hash: D0415835604651EFE720DF15D888F1ABBE5EF44359F14809DE82A8F662CB35ED42CB90
                                                        APIs
                                                          • Part of subcall function 00BB16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BB170D
                                                          • Part of subcall function 00BB16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BB173A
                                                          • Part of subcall function 00BB16C3: GetLastError.KERNEL32 ref: 00BB174A
                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00BBE932
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                        • String ID: $ $@$SeShutdownPrivilege
                                                        • API String ID: 2234035333-3163812486
                                                        • Opcode ID: 1397978b3b98dbc8828e9e54949b258733028f275fce0452a266a6e34d4948a9
                                                        • Instruction ID: 7cff926bfe25238b1b94fa14bb32a6f30e7004103db7253fe145426e707d5713
                                                        • Opcode Fuzzy Hash: 1397978b3b98dbc8828e9e54949b258733028f275fce0452a266a6e34d4948a9
                                                        • Instruction Fuzzy Hash: AE01F232610210AFEB1826B89CCABFB72DCD714740F1408A2F863E30E2DAF0DC488190
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000001,00000006), ref: 00BD1276
                                                        • WSAGetLastError.WSOCK32 ref: 00BD1283
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00BD12BA
                                                        • WSAGetLastError.WSOCK32 ref: 00BD12C5
                                                        • closesocket.WSOCK32(00000000), ref: 00BD12F4
                                                        • listen.WSOCK32(00000000,00000005), ref: 00BD1303
                                                        • WSAGetLastError.WSOCK32 ref: 00BD130D
                                                        • closesocket.WSOCK32(00000000), ref: 00BD133C
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$closesocket$bindlistensocket
                                                        • String ID:
                                                        • API String ID: 540024437-0
                                                        • Opcode ID: 6203ee79cf6c7106280a220d34ee35489164819eeda3f17ef6e9698af70d8622
                                                        • Instruction ID: 4d2c927cc31ea982043e5ccbae3fdf4f595792b97aa2d7d81afecbbb0c155aff
                                                        • Opcode Fuzzy Hash: 6203ee79cf6c7106280a220d34ee35489164819eeda3f17ef6e9698af70d8622
                                                        • Instruction Fuzzy Hash: CF417D31600240AFD714DF68D584B29FBE5EF46318F1884C9E8568F392D771EC86CBA1
                                                        APIs
                                                        • _free.LIBCMT ref: 00B8B9D4
                                                        • _free.LIBCMT ref: 00B8B9F8
                                                        • _free.LIBCMT ref: 00B8BB7F
                                                        • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00BF3700), ref: 00B8BB91
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00C2121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B8BC09
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00C21270,000000FF,?,0000003F,00000000,?), ref: 00B8BC36
                                                        • _free.LIBCMT ref: 00B8BD4B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                        • String ID:
                                                        • API String ID: 314583886-0
                                                        • Opcode ID: 73d7876d93eec79ea04c8083ae2ee4ecf0146a16f7e16f59e1de3518af5f69c1
                                                        • Instruction ID: 484a2090ba9140205f30c5651e5ffb41da4958b1ee3a4c7dd5423e207dda7855
                                                        • Opcode Fuzzy Hash: 73d7876d93eec79ea04c8083ae2ee4ecf0146a16f7e16f59e1de3518af5f69c1
                                                        • Instruction Fuzzy Hash: 74C1E571904205AFDB24BF799851FAE7BE8EF55310F1841EAE894D7272EB309E41CB50
                                                        APIs
                                                          • Part of subcall function 00B53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B53A97,?,?,00B52E7F,?,?,?,00000000), ref: 00B53AC2
                                                          • Part of subcall function 00BBE199: GetFileAttributesW.KERNEL32(?,00BBCF95), ref: 00BBE19A
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BBD420
                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 00BBD470
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BBD481
                                                        • FindClose.KERNEL32(00000000), ref: 00BBD498
                                                        • FindClose.KERNEL32(00000000), ref: 00BBD4A1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                        • String ID: \*.*
                                                        • API String ID: 2649000838-1173974218
                                                        • Opcode ID: b85e6c7c297c9d6369af7e5d1904a10d6a2f5e0fe24ffb78fcdc6741cc51127e
                                                        • Instruction ID: 8f01aeb9978827a02fcfa9e1355b2bd4f996cf008e7f9c647b5f217d092fbe3e
                                                        • Opcode Fuzzy Hash: b85e6c7c297c9d6369af7e5d1904a10d6a2f5e0fe24ffb78fcdc6741cc51127e
                                                        • Instruction Fuzzy Hash: DF316D310083859BC200EF64C8929EFB7E8AE91351F444AADF8D193291EB64AA0DC762
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: __floor_pentium4
                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                        • API String ID: 4168288129-2761157908
                                                        • Opcode ID: 8ca93adaa9de94c28e9298020fb8a009698d544ba2ee47d86d2fbdf7cb204cb6
                                                        • Instruction ID: 8df774b929ea2fea383fccb72f2e0b75957e580f2c030a01c875d4a2785036ca
                                                        • Opcode Fuzzy Hash: 8ca93adaa9de94c28e9298020fb8a009698d544ba2ee47d86d2fbdf7cb204cb6
                                                        • Instruction Fuzzy Hash: E8C21771E086298FDB25EE289D807EAB7F5EB48305F1441EAD85DE7250E774AE81CF40
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00BC64DC
                                                        • CoInitialize.OLE32(00000000), ref: 00BC6639
                                                        • CoCreateInstance.OLE32(00BEFCF8,00000000,00000001,00BEFB68,?), ref: 00BC6650
                                                        • CoUninitialize.OLE32 ref: 00BC68D4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 886957087-24824748
                                                        • Opcode ID: 3693aa5e062c2a6516f17c9e0a95cf2c5282eb990e6f376b38618410735b6ce1
                                                        • Instruction ID: a40e8d2742f801eef05fb345aca217ba9cffe57b2f10c095d01d3e19f57fb40b
                                                        • Opcode Fuzzy Hash: 3693aa5e062c2a6516f17c9e0a95cf2c5282eb990e6f376b38618410735b6ce1
                                                        • Instruction Fuzzy Hash: DFD12871508301AFC304DF24C881E6BB7E9FF94705F5449ADF5958B2A1EB70E949CB92
                                                        APIs
                                                        • GetForegroundWindow.USER32(?,?,00000000), ref: 00BD22E8
                                                          • Part of subcall function 00BCE4EC: GetWindowRect.USER32(?,?), ref: 00BCE504
                                                        • GetDesktopWindow.USER32 ref: 00BD2312
                                                        • GetWindowRect.USER32(00000000), ref: 00BD2319
                                                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00BD2355
                                                        • GetCursorPos.USER32(?), ref: 00BD2381
                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00BD23DF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                        • String ID:
                                                        • API String ID: 2387181109-0
                                                        • Opcode ID: 979ec6a90087416ad65c4d8f09811152c17bfbd42f61f46cff02d4f139148dab
                                                        • Instruction ID: fac475cbd1ac2bc79c36ee6ebf50ecc3ceed3bf2d653b3eb63d8a7336d6ff4a6
                                                        • Opcode Fuzzy Hash: 979ec6a90087416ad65c4d8f09811152c17bfbd42f61f46cff02d4f139148dab
                                                        • Instruction Fuzzy Hash: D1310272504345AFCB20DF14C845FABBBE9FF94320F00091AF8949B291DB34EA09CB92
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00BC9B78
                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00BC9C8B
                                                          • Part of subcall function 00BC3874: GetInputState.USER32 ref: 00BC38CB
                                                          • Part of subcall function 00BC3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC3966
                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00BC9BA8
                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00BC9C75
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                        • String ID: *.*
                                                        • API String ID: 1972594611-438819550
                                                        • Opcode ID: a5f23a859e31ece8a82af42936824cb9949d18bbb64d9932aa06118287b62bd1
                                                        • Instruction ID: ab552eaebe4a9a604596cd8e4fdb097f5bb480d69fd6a3937d7e94650d3ffa99
                                                        • Opcode Fuzzy Hash: a5f23a859e31ece8a82af42936824cb9949d18bbb64d9932aa06118287b62bd1
                                                        • Instruction Fuzzy Hash: 0F415C7190420AABDF14DF64C889FEEBBF8EF05311F2441D9E815A6191EB319E85CB64
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 00B69A4E
                                                        • GetSysColor.USER32(0000000F), ref: 00B69B23
                                                        • SetBkColor.GDI32(?,00000000), ref: 00B69B36
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Color$LongProcWindow
                                                        • String ID:
                                                        • API String ID: 3131106179-0
                                                        • Opcode ID: 3c325e570361f563e7844d80da72c2087402f5899529dcb8f921177bb814609c
                                                        • Instruction ID: ce25bd70a654bff2934a4c239e05070f512c49cd645cdcd7959b1620cc81a132
                                                        • Opcode Fuzzy Hash: 3c325e570361f563e7844d80da72c2087402f5899529dcb8f921177bb814609c
                                                        • Instruction Fuzzy Hash: 0DA1167024D444BEE728AA6D8CD8F7F2ADDDB43700B1902DAF502D6AD5CE399D06C672
                                                        APIs
                                                          • Part of subcall function 00BD304E: inet_addr.WSOCK32(?), ref: 00BD307A
                                                          • Part of subcall function 00BD304E: _wcslen.LIBCMT ref: 00BD309B
                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00BD185D
                                                        • WSAGetLastError.WSOCK32 ref: 00BD1884
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00BD18DB
                                                        • WSAGetLastError.WSOCK32 ref: 00BD18E6
                                                        • closesocket.WSOCK32(00000000), ref: 00BD1915
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 1601658205-0
                                                        • Opcode ID: fb3492d6542ba0765fa62c16dedce851df1ddafee2cccc9a229c5a67294183c9
                                                        • Instruction ID: 25a6f53e573acc6cb9e392819092ff7d51c6b1b655d31f0ec2af4d129e8d1464
                                                        • Opcode Fuzzy Hash: fb3492d6542ba0765fa62c16dedce851df1ddafee2cccc9a229c5a67294183c9
                                                        • Instruction Fuzzy Hash: D651A171A00200AFDB10EF24D896F2ABBE5EB44718F0484DCF9095F393DB75AD468BA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                        • String ID:
                                                        • API String ID: 292994002-0
                                                        • Opcode ID: 24d98b092f37261ac371c7bc2a2e57daeb96d7a2b6d90c6d86e5ce87f5844b13
                                                        • Instruction ID: db842910cd64c45c4bbcadf250d5a4eb2f3c13742258469ac21a3b446f510a32
                                                        • Opcode Fuzzy Hash: 24d98b092f37261ac371c7bc2a2e57daeb96d7a2b6d90c6d86e5ce87f5844b13
                                                        • Instruction Fuzzy Hash: 7B217F317402915FD7219F2BD884B6A7BE5EF95315B3988A8E84ACF351CB71EC42CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                        • API String ID: 0-1546025612
                                                        • Opcode ID: c7c9b22193cc671ec4ce34bd70ab536b1a60de2892d6b7bcf6c8def6269458b5
                                                        • Instruction ID: d92d5a5eab1caf748aa503b28b577571eb5509740f9cd64ffb1e93d05827feaa
                                                        • Opcode Fuzzy Hash: c7c9b22193cc671ec4ce34bd70ab536b1a60de2892d6b7bcf6c8def6269458b5
                                                        • Instruction Fuzzy Hash: BEA24A71A0061ACBDF25CF58C9807AEB7F1FB54311F2481EAEC15AB285EB709D85CB90
                                                        APIs
                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00BBAAAC
                                                        • SetKeyboardState.USER32(00000080), ref: 00BBAAC8
                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00BBAB36
                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00BBAB88
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: KeyboardState$InputMessagePostSend
                                                        • String ID:
                                                        • API String ID: 432972143-0
                                                        • Opcode ID: d95964e26e0fb5a7a921ed84b28a7de3963f04d07f319ef40a9a61d4e53f6e26
                                                        • Instruction ID: dfe3a52d5dce711683a475af2ad611f7c5fc72760acc1378a730bc3dfebd3ee4
                                                        • Opcode Fuzzy Hash: d95964e26e0fb5a7a921ed84b28a7de3963f04d07f319ef40a9a61d4e53f6e26
                                                        • Instruction Fuzzy Hash: CB31F430E40248AFFF359B64CC45BFA7BE6EB44310F04429AF5A1961D1D7F58985C762
                                                        APIs
                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 00BCCE89
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00BCCEEA
                                                        • SetEvent.KERNEL32(?,?,00000000), ref: 00BCCEFE
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorEventFileInternetLastRead
                                                        • String ID:
                                                        • API String ID: 234945975-0
                                                        • Opcode ID: c89e7869ff6c8e4bd01caf9e9d20d732c9727a9a1f4d4f223a45ba630077d5b7
                                                        • Instruction ID: 73814f73af49036bc15f0e14a1a975c0b7cb187ae55e856ae1716ea5e71ec3a7
                                                        • Opcode Fuzzy Hash: c89e7869ff6c8e4bd01caf9e9d20d732c9727a9a1f4d4f223a45ba630077d5b7
                                                        • Instruction Fuzzy Hash: 9421ED719003069BD720CF65C988FAA7BF8EF21304F10849EE64AD2151EB30EE098B50
                                                        APIs
                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00BB82AA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: lstrlen
                                                        • String ID: ($|
                                                        • API String ID: 1659193697-1631851259
                                                        • Opcode ID: 859c77611b4acea1f112cfc21b642c686babd215c2f14b391f49020f68a76021
                                                        • Instruction ID: 1a0d7bc964411aeb7e3db2aa19ab3c92be95e40adc2804523bbe211cc124d90f
                                                        • Opcode Fuzzy Hash: 859c77611b4acea1f112cfc21b642c686babd215c2f14b391f49020f68a76021
                                                        • Instruction Fuzzy Hash: E5322775A00605DFCB28CF59C4819AAB7F4FF48710B15C5AEE49ADB3A1EBB0E941CB44
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BC5CC1
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00BC5D17
                                                        • FindClose.KERNEL32(?), ref: 00BC5D5F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNext
                                                        • String ID:
                                                        • API String ID: 3541575487-0
                                                        • Opcode ID: 3933b476e5e815df336e1a502e3c58ed89fda07d3b0eacc5970f58578fa3e3bf
                                                        • Instruction ID: 28a5319a2d42b52b98a976328431ede0013c2e2d2d506164100b87b59b38ac84
                                                        • Opcode Fuzzy Hash: 3933b476e5e815df336e1a502e3c58ed89fda07d3b0eacc5970f58578fa3e3bf
                                                        • Instruction Fuzzy Hash: 105147746047019FC724DF28C494E96BBE4FF49314F1485ADE9AA8B3A2DB30F985CB91
                                                        APIs
                                                        • IsDebuggerPresent.KERNEL32 ref: 00B8271A
                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B82724
                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00B82731
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                        • String ID:
                                                        • API String ID: 3906539128-0
                                                        • Opcode ID: ecab80f6d44463f29eca3abb1d7a80edbb75be034e0c1279aa9ffcd292d245bd
                                                        • Instruction ID: 8b7881f0d47c8d5e08a353855741ca00be45457d2043c87411af5cf449c5d4ed
                                                        • Opcode Fuzzy Hash: ecab80f6d44463f29eca3abb1d7a80edbb75be034e0c1279aa9ffcd292d245bd
                                                        • Instruction Fuzzy Hash: 6531B474911218ABCB21DF64DC8979DBBF8EF08310F5081EAE41CA7261EB309F818F45
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BC51DA
                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00BC5238
                                                        • SetErrorMode.KERNEL32(00000000), ref: 00BC52A1
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$DiskFreeSpace
                                                        • String ID:
                                                        • API String ID: 1682464887-0
                                                        • Opcode ID: 14e4a48e38643180f0a678b6c0e9c790a6162fa8c067dc917f148058fb09b103
                                                        • Instruction ID: 6846d4b52e0b98bdd970f3dd7a60dc70537a7cb98da655ca58ea5cc8aa97616f
                                                        • Opcode Fuzzy Hash: 14e4a48e38643180f0a678b6c0e9c790a6162fa8c067dc917f148058fb09b103
                                                        • Instruction Fuzzy Hash: 74312975A006189FDB00DF54D884FADBBF5FF49314F048099E809AB262DB31E85ACB91
                                                        APIs
                                                          • Part of subcall function 00B6FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B70668
                                                          • Part of subcall function 00B6FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B70685
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BB170D
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BB173A
                                                        • GetLastError.KERNEL32 ref: 00BB174A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                        • String ID:
                                                        • API String ID: 577356006-0
                                                        • Opcode ID: 13c6e9fdd9b6e888c3e26e4932fc55ba4f2cfbcd9528da38757216e16e36135e
                                                        • Instruction ID: f7461c67294c39a49c735735d45976a66bd15d74fd04eaf8081c2e03155cc030
                                                        • Opcode Fuzzy Hash: 13c6e9fdd9b6e888c3e26e4932fc55ba4f2cfbcd9528da38757216e16e36135e
                                                        • Instruction Fuzzy Hash: 0111C1B2400305AFD7189F58ECC6DBABBFDEB04714B20856EE05657241EB70BC428B64
                                                        APIs
                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BBD608
                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00BBD645
                                                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BBD650
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                        • String ID:
                                                        • API String ID: 33631002-0
                                                        • Opcode ID: c7d433cf6a9a5b7f66a650b640e2bc57597a03a1ff79c578f94ecba70d4dc311
                                                        • Instruction ID: 65d8e408c9606fc42513c68a2355ca82b6413d6e6c3d809f98b779b3d6802d57
                                                        • Opcode Fuzzy Hash: c7d433cf6a9a5b7f66a650b640e2bc57597a03a1ff79c578f94ecba70d4dc311
                                                        • Instruction Fuzzy Hash: 5A113C75E05228BBDB108F959C85FEFBFBCEB45B50F108155F904E7290D6B04A058BA1
                                                        APIs
                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00BB168C
                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00BB16A1
                                                        • FreeSid.ADVAPI32(?), ref: 00BB16B1
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                        • String ID:
                                                        • API String ID: 3429775523-0
                                                        • Opcode ID: 80481376c3fb9c478046fb1f9cbf5889eda77f069df26fb3c9e7143734c0d693
                                                        • Instruction ID: f8448ff1cee776bbc41947532e1501054449dfe141b2a1fa224ec288a797834b
                                                        • Opcode Fuzzy Hash: 80481376c3fb9c478046fb1f9cbf5889eda77f069df26fb3c9e7143734c0d693
                                                        • Instruction Fuzzy Hash: 26F0F471950309FBDB00DFE49C89AAEBBBCEB08604F5049A5E501E6181E774AA448A50
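The call chains listed in the blocks above are the raw evidence behind several of the report's signatures: socket(2,2,0x11)+bind() is a UDP listener (AF_INET, SOCK_DGRAM, IPPROTO_UDP, the 0x10 passed to bind being sizeof(sockaddr_in)); AllocateAndInitializeSid(?,2,0x20,0x220)+CheckTokenMembership is the standard BUILTIN\Administrators (S-1-5-32-544) membership test; DeviceIoControl with 0x2D1400 is IOCTL_STORAGE_QUERY_PROPERTY on a mass-storage device; LookupPrivilegeValueW+AdjustTokenPrivileges is the privilege enablement; PostMessageW(?,0x102)+SendInput is keystroke injection via WM_CHAR, with the 0x1C (28) passed to SendInput matching sizeof(INPUT) on 32-bit, consistent with the 0x00Bxxxxx image base. One caveat worth recording: the IsDebuggerPresent, SetUnhandledExceptionFilter(0), UnhandledExceptionFilter sequence at 00B8271A is the same one the MSVC CRT fail-fast path emits, so on its own it is weak evidence of deliberate anti-debugging. The script below, an example added by the editor and not Joe Sandbox code or code recovered from the sample, parses call lines in the report's own format (the input list is constructed by copying lines from this section) and decodes the constants into capability tags. It assumes the SID's identifier authority is SECURITY_NT_AUTHORITY (5), since that argument is passed by pointer and shows as "?" in the report.

```python
"""Decode the Win32 call chains listed in a Joe Sandbox function dump into
capability tags with decoded evidence. Editor-added example: not Joe Sandbox
code and not code from the analysed sample. REPORT_LINES is constructed input,
copied from the "APIs" lists in this section (one chain per capability)."""
import re

REPORT_LINES = [
    "socket.WSOCK32(00000002,00000002,00000011), ref: 00BD185D",
    "bind.WSOCK32(00000000,?,00000010), ref: 00BD18DB",
    "IsDebuggerPresent.KERNEL32 ref: 00B8271A",
    "SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B82724",
    "UnhandledExceptionFilter.KERNEL32(?), ref: 00B82731",
    "LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BB170D",
    "AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BB173A",
    "DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00BBD645",
    "AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,"
    "00000000,00000000,00000000,00000000,?,?), ref: 00BB168C",
    "CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00BB16A1",
    "PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00BBAB36",
    "SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00BBAB88",
]

# "<api>.<module>(<hex args>), ref: <hex address>"; an argument is "?" when the
# tool could not recover it statically, and the argument list may be absent.
CALL_RE = re.compile(r"^(\w+)\.(\w+)(?:\((.*?)\))?,? ref: ([0-9A-Fa-f]+)$")

# Win32 constants (winsock2.h, winuser.h, winioctl.h).
ADDRESS_FAMILY = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
PROTOCOL = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
WINDOW_MESSAGE = {0x100: "WM_KEYDOWN", 0x101: "WM_KEYUP", 0x102: "WM_CHAR"}
DEVICE_TYPE = {0x2D: "FILE_DEVICE_MASS_STORAGE"}
KNOWN_IOCTL = {0x2D1400: "IOCTL_STORAGE_QUERY_PROPERTY"}
METHOD = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]


def parse_call(line):
    """Return (api, module, args, ref) for one report line; '?' arguments become None."""
    m = CALL_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised call line: {line!r}")
    api, module, raw_args, ref = m.groups()
    args = []
    if raw_args:
        args = [None if a.strip() == "?" else int(a, 16) for a in raw_args.split(",")]
    return api, module, args, int(ref, 16)


def decode_ioctl(code):
    """Split a CTL_CODE into device(16) | access(2) | function(12) | method(2)."""
    device, access = code >> 16, (code >> 14) & 0x3
    return {
        "name": KNOWN_IOCTL.get(code, f"0x{code:08X}"),
        "device": DEVICE_TYPE.get(device, f"0x{device:X}"),
        "access": access,
        "function": (code >> 2) & 0xFFF,
        "method": METHOD[code & 0x3],
    }


def decode_sid(args):
    """Rebuild the SID from AllocateAndInitializeSid(pAuthority, count, sub0..sub7, ...).

    The authority is a pointer (shown as '?'), so SECURITY_NT_AUTHORITY (5) is
    assumed; 0x20/0x220 are only meaningful under it (BUILTIN\\Administrators)."""
    count = args[1]
    return "S-1-5-" + "-".join(str(sub) for sub in args[2:2 + count])


def tag_capabilities(lines):
    """Map the call chains to capability tags; each tag carries decoded evidence."""
    calls = {api: args for api, _module, args, _ref in map(parse_call, lines)}
    names, tags = set(calls), {}
    if {"socket", "bind"} <= names:
        af, st, proto = calls["socket"]
        tags["listener"] = (f"socket({ADDRESS_FAMILY.get(af, af)}, {SOCKET_TYPE.get(st, st)}, "
                            f"{PROTOCOL.get(proto, proto)}) followed by bind()")
    if {"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter"} <= names:
        # Identical to the MSVC CRT fail-fast sequence: record it, but do not
        # call it anti-debugging without corroborating evidence.
        tags["anti_debug_weak"] = ("IsDebuggerPresent -> SetUnhandledExceptionFilter(NULL) -> "
                                   "UnhandledExceptionFilter (matches CRT fail-fast path)")
    if {"LookupPrivilegeValueW", "AdjustTokenPrivileges"} <= names:
        tags["privilege_adjust"] = "LookupPrivilegeValueW + AdjustTokenPrivileges (privilege name is a pointer)"
    if "DeviceIoControl" in names:
        tags["device_ioctl"] = decode_ioctl(calls["DeviceIoControl"][1])
    if {"AllocateAndInitializeSid", "CheckTokenMembership"} <= names:
        tags["admin_check"] = decode_sid(calls["AllocateAndInitializeSid"])
    if {"PostMessageW", "SendInput"} <= names:
        msg = calls["PostMessageW"][1]
        tags["keystroke_injection"] = f"PostMessageW({WINDOW_MESSAGE.get(msg, hex(msg))}) + SendInput()"
    return tags


if __name__ == "__main__":
    for tag, evidence in tag_capabilities(REPORT_LINES).items():
        print(f"{tag:20} {evidence}")
```

The decoders are the part worth keeping around: the CTL_CODE field split and the SID rebuild apply to any DeviceIoControl or AllocateAndInitializeSid argument list the report prints, not only the values above, and the tagging rules are deliberately conservative about the anti-debug chain for the reason given in the lead-in.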
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: /
                                                        • API String ID: 0-2043925204
                                                        APIs
                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00BAD28C
                                                        Strings
                                                        Similarity
                                                        • API ID: NameUser
                                                        • String ID: X64
                                                        • API String ID: 2645101109-893830106
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BC6918
                                                        • FindClose.KERNEL32(00000000), ref: 00BC6961
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID:
                                                        • API String ID: 2295610775-0
                                                        APIs
                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00BD4891,?,?,00000035,?), ref: 00BC37E4
                                                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00BD4891,?,?,00000035,?), ref: 00BC37F4
                                                        Similarity
                                                        • API ID: ErrorFormatLastMessage
                                                        • String ID:
                                                        • API String ID: 3479602957-0
                                                        APIs
                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00BBB25D
                                                        • keybd_event.USER32(?,7707C0D0,?,00000000), ref: 00BBB270
                                                        Similarity
                                                        • API ID: InputSendkeybd_event
                                                        • String ID:
                                                        • API String ID: 3536248340-0
                                                        APIs
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00BB11FC), ref: 00BB10D4
                                                        • CloseHandle.KERNEL32(?,?,00BB11FC), ref: 00BB10E9
                                                        Similarity
                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                        • String ID:
                                                        • API String ID: 81990902-0
                                                        Strings
                                                        • Variable is not of type 'Object'., xrefs: 00BA0C40
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Variable is not of type 'Object'.
                                                        • API String ID: 0-1840281001
                                                        APIs
                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00B86766,?,?,00000008,?,?,00B8FEFE,00000000), ref: 00B86998
                                                        Similarity
                                                        • API ID: ExceptionRaise
                                                        • String ID:
                                                        • API String ID: 3997070919-0
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID: 0-3916222277
                                                        APIs
                                                        • BlockInput.USER32(00000001), ref: 00BCEABD
                                                        Similarity
                                                        • API ID: BlockInput
                                                        • String ID:
                                                        • API String ID: 3456056419-0
                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00B703EE), ref: 00B709DA
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0
                                                        • API String ID: 0-4108050209
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        APIs
                                                        • SetTextColor.GDI32(?,00000000), ref: 00BE712F
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00BE7160
                                                        • GetSysColor.USER32(0000000F), ref: 00BE716C
                                                        • SetBkColor.GDI32(?,000000FF), ref: 00BE7186
                                                        • SelectObject.GDI32(?,?), ref: 00BE7195
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00BE71C0
                                                        • GetSysColor.USER32(00000010), ref: 00BE71C8
                                                        • CreateSolidBrush.GDI32(00000000), ref: 00BE71CF
                                                        • FrameRect.USER32(?,?,00000000), ref: 00BE71DE
                                                        • DeleteObject.GDI32(00000000), ref: 00BE71E5
                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00BE7230
                                                        • FillRect.USER32(?,?,?), ref: 00BE7262
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE7284
                                                          • Part of subcall function 00BE73E8: GetSysColor.USER32(00000012), ref: 00BE7421
                                                          • Part of subcall function 00BE73E8: SetTextColor.GDI32(?,?), ref: 00BE7425
                                                          • Part of subcall function 00BE73E8: GetSysColorBrush.USER32(0000000F), ref: 00BE743B
                                                          • Part of subcall function 00BE73E8: GetSysColor.USER32(0000000F), ref: 00BE7446
                                                          • Part of subcall function 00BE73E8: GetSysColor.USER32(00000011), ref: 00BE7463
                                                          • Part of subcall function 00BE73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00BE7471
                                                          • Part of subcall function 00BE73E8: SelectObject.GDI32(?,00000000), ref: 00BE7482
                                                          • Part of subcall function 00BE73E8: SetBkColor.GDI32(?,00000000), ref: 00BE748B
                                                          • Part of subcall function 00BE73E8: SelectObject.GDI32(?,?), ref: 00BE7498
                                                          • Part of subcall function 00BE73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00BE74B7
                                                          • Part of subcall function 00BE73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00BE74CE
                                                          • Part of subcall function 00BE73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00BE74DB
                                                        Similarity
                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                        • String ID:
                                                        • API String ID: 4124339563-0
                                                        APIs
                                                        • DestroyWindow.USER32(?,?), ref: 00B68E14
                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00BA6AC5
                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00BA6AFE
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00BA6F43
                                                          • Part of subcall function 00B68F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B68BE8,?,00000000,?,?,?,?,00B68BBA,00000000,?), ref: 00B68FC5
                                                        • SendMessageW.USER32(?,00001053), ref: 00BA6F7F
                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00BA6F96
                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00BA6FAC
                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00BA6FB7
                                                        Similarity
                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                        • String ID: 0
                                                        • API String ID: 2760611726-4108050209
                                                        APIs
                                                        • DestroyWindow.USER32(00000000), ref: 00BD273E
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00BD286A
                                                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00BD28A9
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00BD28B9
                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00BD2900
                                                        • GetClientRect.USER32(00000000,?), ref: 00BD290C
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00BD2955
                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00BD2964
                                                        • GetStockObject.GDI32(00000011), ref: 00BD2974
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00BD2978
                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00BD2988
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BD2991
                                                        • DeleteDC.GDI32(00000000), ref: 00BD299A
                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00BD29C6
                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 00BD29DD
                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00BD2A1D
                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00BD2A31
                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00BD2A42
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00BD2A77
                                                        • GetStockObject.GDI32(00000011), ref: 00BD2A82
                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00BD2A8D
                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00BD2A97
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                        • API String ID: 2910397461-517079104
                                                        • Opcode ID: 1d6cdb65cacc71b167ed0327b83e3e0804331778dad97af28480cea1b2bf39b8
                                                        • Instruction ID: d99fee6f0ca31ed5f730b8a52e1f58f2e9c01d715bcc93a99c314e8a29055138
                                                        • Instruction Fuzzy Hash: 24B17E71A10245AFEB24DF68DC85FAEBBB9EB18711F004155F914EB2A0DB70ED41CB90
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BC4AED
                                                        • GetDriveTypeW.KERNEL32(?,00BECB68,?,\\.\,00BECC08), ref: 00BC4BCA
                                                        • SetErrorMode.KERNEL32(00000000,00BECB68,?,\\.\,00BECC08), ref: 00BC4D36
                                                        Similarity
                                                        • API ID: ErrorMode$DriveType
                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                        • API String ID: 2907320926-4222207086
                                                        • Opcode ID: da994a35ff372fe3ff0d5b02b6f92256f9d7ca41e3ac54ab6abe2fcd5c907377
                                                        • Instruction ID: 8d6f048348576a035bd1fc188802fd6f34e0dc681f1d00c327649133cfc75c5b
                                                        • Instruction Fuzzy Hash: 556190306051059BDB14EF24DAE2FAA77E0EB06341B2444EDF806EB261DB65DE81EB41
                                                        APIs
                                                        • GetSysColor.USER32(00000012), ref: 00BE7421
                                                        • SetTextColor.GDI32(?,?), ref: 00BE7425
                                                        • GetSysColorBrush.USER32(0000000F), ref: 00BE743B
                                                        • GetSysColor.USER32(0000000F), ref: 00BE7446
                                                        • CreateSolidBrush.GDI32(?), ref: 00BE744B
                                                        • GetSysColor.USER32(00000011), ref: 00BE7463
                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00BE7471
                                                        • SelectObject.GDI32(?,00000000), ref: 00BE7482
                                                        • SetBkColor.GDI32(?,00000000), ref: 00BE748B
                                                        • SelectObject.GDI32(?,?), ref: 00BE7498
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00BE74B7
                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00BE74CE
                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00BE74DB
                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BE752A
                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00BE7554
                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00BE7572
                                                        • DrawFocusRect.USER32(?,?), ref: 00BE757D
                                                        • GetSysColor.USER32(00000011), ref: 00BE758E
                                                        • SetTextColor.GDI32(?,00000000), ref: 00BE7596
                                                        • DrawTextW.USER32(?,00BE70F5,000000FF,?,00000000), ref: 00BE75A8
                                                        • SelectObject.GDI32(?,?), ref: 00BE75BF
                                                        • DeleteObject.GDI32(?), ref: 00BE75CA
                                                        • SelectObject.GDI32(?,?), ref: 00BE75D0
                                                        • DeleteObject.GDI32(?), ref: 00BE75D5
                                                        • SetTextColor.GDI32(?,?), ref: 00BE75DB
                                                        • SetBkColor.GDI32(?,?), ref: 00BE75E5
                                                        Similarity
                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                        • String ID:
                                                        • API String ID: 1996641542-0
                                                        • Opcode ID: 023170ef2db14d59ec1bad9351ecbb4b02d95666338f1072c12833996334ed2b
                                                        • Instruction ID: 744f282ddc5793328f81ddca430d33442456ac86f57e0bfa4400b6e100d18642
                                                        • Instruction Fuzzy Hash: 6C617A72900258AFDF019FA4DC89EAEBFB9EF08320F114165F911BB2A1DB749941DF90
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 00BE1128
                                                        • GetDesktopWindow.USER32 ref: 00BE113D
                                                        • GetWindowRect.USER32(00000000), ref: 00BE1144
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE1199
                                                        • DestroyWindow.USER32(?), ref: 00BE11B9
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00BE11ED
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BE120B
                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00BE121D
                                                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00BE1232
                                                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00BE1245
                                                        • IsWindowVisible.USER32(00000000), ref: 00BE12A1
                                                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00BE12BC
                                                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00BE12D0
                                                        • GetWindowRect.USER32(00000000,?), ref: 00BE12E8
                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00BE130E
                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00BE1328
                                                        • CopyRect.USER32(?,?), ref: 00BE133F
                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 00BE13AA
                                                        Similarity
                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                        • String ID: ($0$tooltips_class32
                                                        • API String ID: 698492251-4156429822
                                                        • Opcode ID: f8dcb9b9c3d0c2de5766daafa58103cb579295462a8812284b305b6126569bb0
                                                        • Instruction ID: 2fa87ab063e0e080af38283f71c720c294ddb486d11ce25495e064d50c9c20e1
                                                        • Instruction Fuzzy Hash: 69B19D71604381AFD714DF69C884B6BBBE4FF84350F10899CF9999B2A1DB31E845CB92
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?), ref: 00BE02E5
                                                        • _wcslen.LIBCMT ref: 00BE031F
                                                        • _wcslen.LIBCMT ref: 00BE0389
                                                        • _wcslen.LIBCMT ref: 00BE03F1
                                                        • _wcslen.LIBCMT ref: 00BE0475
                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00BE04C5
                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00BE0504
                                                          • Part of subcall function 00B6F9F2: _wcslen.LIBCMT ref: 00B6F9FD
                                                          • Part of subcall function 00BB223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00BB2258
                                                          • Part of subcall function 00BB223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00BB228A
                                                        Similarity
                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                        • API String ID: 1103490817-719923060
                                                        • Opcode ID: c552cbeeeb72929c3e19994de7e6127e02bf6f5502bad4e4082717ce03075e5c
                                                        • Instruction ID: 3f10b3652a2f7036a8cd9b9867f82ff7bfb0616f0b02191268df0cc5fd4ec17f
                                                        • Instruction Fuzzy Hash: 56E191312282818FC714EF25C59197AB7E6FF98314B144ADCF8969B3A1DB70ED85CB81
                                                        APIs
                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B68968
                                                        • GetSystemMetrics.USER32(00000007), ref: 00B68970
                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B6899B
                                                        • GetSystemMetrics.USER32(00000008), ref: 00B689A3
                                                        • GetSystemMetrics.USER32(00000004), ref: 00B689C8
                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00B689E5
                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00B689F5
                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B68A28
                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00B68A3C
                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00B68A5A
                                                        • GetStockObject.GDI32(00000011), ref: 00B68A76
                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B68A81
                                                          • Part of subcall function 00B6912D: GetCursorPos.USER32(?), ref: 00B69141
                                                          • Part of subcall function 00B6912D: ScreenToClient.USER32(00000000,?), ref: 00B6915E
                                                          • Part of subcall function 00B6912D: GetAsyncKeyState.USER32(00000001), ref: 00B69183
                                                          • Part of subcall function 00B6912D: GetAsyncKeyState.USER32(00000002), ref: 00B6919D
                                                        • SetTimer.USER32(00000000,00000000,00000028,00B690FC), ref: 00B68AA8
                                                        Similarity
                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                        • String ID: AutoIt v3 GUI
                                                        • API String ID: 1458621304-248962490
                                                        • Opcode ID: b77130285927c6479ce3d8a077fdbc0b8b293fef711c6eaba2b6959e755f18db
                                                        • Instruction ID: e853a6871a4ec36cc24a076a5947689174d7c1ab7383d4f713f2b3c6e0af26bd
                                                        • Instruction Fuzzy Hash: 5EB16871A00209AFDF14DFA8D885BAE3BF5FB48314F154269FE15AB290DB34A841CB51
                                                        APIs
                                                          • Part of subcall function 00BB10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BB1114
                                                          • Part of subcall function 00BB10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB1120
                                                          • Part of subcall function 00BB10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB112F
                                                          • Part of subcall function 00BB10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB1136
                                                          • Part of subcall function 00BB10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BB114D
                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00BB0DF5
                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00BB0E29
                                                        • GetLengthSid.ADVAPI32(?), ref: 00BB0E40
                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00BB0E7A
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00BB0E96
                                                        • GetLengthSid.ADVAPI32(?), ref: 00BB0EAD
                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00BB0EB5
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00BB0EBC
                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00BB0EDD
                                                        • CopySid.ADVAPI32(00000000), ref: 00BB0EE4
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00BB0F13
                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00BB0F35
                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00BB0F47
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0F6E
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0F75
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0F7E
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0F85
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB0F8E
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0F95
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00BB0FA1
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB0FA8
                                                          • Part of subcall function 00BB1193: GetProcessHeap.KERNEL32(00000008,00BB0BB1,?,00000000,?,00BB0BB1,?), ref: 00BB11A1
                                                          • Part of subcall function 00BB1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00BB0BB1,?), ref: 00BB11A8
                                                          • Part of subcall function 00BB1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00BB0BB1,?), ref: 00BB11B7
                                                        Similarity
                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                        • String ID:
                                                        • API String ID: 4175595110-0
                                                        • Opcode ID: 8cd0fe4970f0b8f3d0082ba9f84b0bac208c544edf3d1aba06398e113ad4a809
                                                        • Instruction ID: 128bbc5094e0d2a5938380aeb3b3408413201aaf24ba29f0666d56f67c3dc7f8
                                                        • Instruction Fuzzy Hash: E4712C71A1020AABDF20AFA4DC45BFFBBB8FF05310F148595E919AB191DB719A05CB60
                                                        APIs
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BDC4BD
                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00BECC08,00000000,?,00000000,?,?), ref: 00BDC544
                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00BDC5A4
                                                        • _wcslen.LIBCMT ref: 00BDC5F4
                                                        • _wcslen.LIBCMT ref: 00BDC66F
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00BDC6B2
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00BDC7C1
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00BDC84D
                                                        • RegCloseKey.ADVAPI32(?), ref: 00BDC881
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BDC88E
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00BDC960
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                        • API String ID: 9721498-966354055
                                                        • Opcode ID: 1c1bb849a6f0eafd68a551aa34fb5805e631c81247c8ab78592bf009cf25a6d7
                                                        • Instruction ID: 19c971264604d773b2272e9c9f85d795f1cc519a7e09bd58918333d3fe274442
                                                        • Opcode Fuzzy Hash: 1c1bb849a6f0eafd68a551aa34fb5805e631c81247c8ab78592bf009cf25a6d7
                                                        • Instruction Fuzzy Hash: 861267356042019FD714DF14D891B2ABBE5EF88725F14889DF88A9B3A2EB31ED45CB81
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?), ref: 00BE09C6
                                                        • _wcslen.LIBCMT ref: 00BE0A01
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BE0A54
                                                        • _wcslen.LIBCMT ref: 00BE0A8A
                                                        • _wcslen.LIBCMT ref: 00BE0B06
                                                        • _wcslen.LIBCMT ref: 00BE0B81
                                                          • Part of subcall function 00B6F9F2: _wcslen.LIBCMT ref: 00B6F9FD
                                                          • Part of subcall function 00BB2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BB2BFA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                        • API String ID: 1103490817-4258414348
                                                        • Opcode ID: bc9251a3a5711c7bc4ed47f65365b546047aec3b7001adbfe7fbb1e8a1cd1d3d
                                                        • Instruction ID: cfa018204689653f98d7bbdb100b789b323c911a0762c2c243ffed75a3a3c226
                                                        • Opcode Fuzzy Hash: bc9251a3a5711c7bc4ed47f65365b546047aec3b7001adbfe7fbb1e8a1cd1d3d
                                                        • Instruction Fuzzy Hash: 54E190352183418FC714EF25C49096AB7E1FF94314B1489ECF89A9B362DB70ED85CB81
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharUpper
                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                        • API String ID: 1256254125-909552448
                                                        • Opcode ID: a2e75b9bee69e772c1e09ecc2f6439c801adf94c7766f4dfdd9c5f00dc0f8378
                                                        • Instruction ID: 23c49aca783708a4b6404fcfb1a62cbedac0dda3e7c159652a2a827e1ba4d7dd
                                                        • Opcode Fuzzy Hash: a2e75b9bee69e772c1e09ecc2f6439c801adf94c7766f4dfdd9c5f00dc0f8378
                                                        • Instruction Fuzzy Hash: CE71E53261012B8BCF20DE68C9416BABBE1DB61750F2506A6FC6697388F630CD85D390
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00BE835A
                                                        • _wcslen.LIBCMT ref: 00BE836E
                                                        • _wcslen.LIBCMT ref: 00BE8391
                                                        • _wcslen.LIBCMT ref: 00BE83B4
                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00BE83F2
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00BE5BF2), ref: 00BE844E
                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BE8487
                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00BE84CA
                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BE8501
                                                        • FreeLibrary.KERNEL32(?), ref: 00BE850D
                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00BE851D
                                                        • DestroyIcon.USER32(?,?,?,?,?,00BE5BF2), ref: 00BE852C
                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00BE8549
                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00BE8555
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                        • String ID: .dll$.exe$.icl
                                                        • API String ID: 799131459-1154884017
                                                        • Opcode ID: 9a118cb65495402a3431132bc3a0667020c00f3248d0bc478d51335383104d4e
                                                        • Instruction ID: 395c7da3c6d24d4badc01826a814d2f1ab20b4da04c901f596450c7f73be3b7b
                                                        • Opcode Fuzzy Hash: 9a118cb65495402a3431132bc3a0667020c00f3248d0bc478d51335383104d4e
                                                        • Instruction Fuzzy Hash: 1861ED71500A45BEEB148F65CC81BBE7BE8EB14711F104289F819EA1D1DF74AA80CBA0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                        • API String ID: 0-1645009161
                                                        • Opcode ID: 5f183678a63069ba22e32865686a4bd0f534d6ebefe604dabe0b64002c12fb66
                                                        • Instruction ID: 9fb6350485b2822ee28f0ae4fe8d3f5f7fc409117eaff8f6ada13943cf144ce1
                                                        • Opcode Fuzzy Hash: 5f183678a63069ba22e32865686a4bd0f534d6ebefe604dabe0b64002c12fb66
                                                        • Instruction Fuzzy Hash: 4A81E371784215BBDB21AF60EC42FAE3BE8EF15301F1440E4FD09AA192EB70DA45C7A1
                                                        APIs
                                                        • CharLowerBuffW.USER32(?,?), ref: 00BC3EF8
                                                        • _wcslen.LIBCMT ref: 00BC3F03
                                                        • _wcslen.LIBCMT ref: 00BC3F5A
                                                        • _wcslen.LIBCMT ref: 00BC3F98
                                                        • GetDriveTypeW.KERNEL32(?), ref: 00BC3FD6
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BC401E
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BC4059
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BC4087
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                        • API String ID: 1839972693-4113822522
                                                        • Opcode ID: 74878e65b384da9f983f011c2ef252373f1757fb23df40dc58565385734509c3
                                                        • Instruction ID: 76365c9171f366e26d8cb4e8457345f108d99f579456c192b075e52ea2f07421
                                                        • Opcode Fuzzy Hash: 74878e65b384da9f983f011c2ef252373f1757fb23df40dc58565385734509c3
                                                        • Instruction Fuzzy Hash: BE7124326043018FC310EF24C891AABB7F4EF94754F4089ADF99697251EB30DE49CB91
                                                        APIs
                                                        • LoadIconW.USER32(00000063), ref: 00BB5A2E
                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00BB5A40
                                                        • SetWindowTextW.USER32(?,?), ref: 00BB5A57
                                                        • GetDlgItem.USER32(?,000003EA), ref: 00BB5A6C
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00BB5A72
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00BB5A82
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00BB5A88
                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00BB5AA9
                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00BB5AC3
                                                        • GetWindowRect.USER32(?,?), ref: 00BB5ACC
                                                        • _wcslen.LIBCMT ref: 00BB5B33
                                                        • SetWindowTextW.USER32(?,?), ref: 00BB5B6F
                                                        • GetDesktopWindow.USER32 ref: 00BB5B75
                                                        • GetWindowRect.USER32(00000000), ref: 00BB5B7C
                                                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00BB5BD3
                                                        • GetClientRect.USER32(?,?), ref: 00BB5BE0
                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 00BB5C05
                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00BB5C2F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                        • String ID:
                                                        • API String ID: 895679908-0
                                                        • Opcode ID: baf4d90dd20239a7dcfaae78681ea4798adc929fccc2828a06eea7b768445383
                                                        • Instruction ID: 9c33690e0057a328716d5907e84f949c61ae8ffd845e51278ac923055266dc23
                                                        • Opcode Fuzzy Hash: baf4d90dd20239a7dcfaae78681ea4798adc929fccc2828a06eea7b768445383
                                                        • Instruction Fuzzy Hash: 22715A31900B09AFDB30DFA8CE85BAEBBF5FF48704F104558E586A75A0DBB5A941CB50
                                                        APIs
                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00BCFE27
                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00BCFE32
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00BCFE3D
                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00BCFE48
                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00BCFE53
                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 00BCFE5E
                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 00BCFE69
                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00BCFE74
                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00BCFE7F
                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 00BCFE8A
                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00BCFE95
                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00BCFEA0
                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 00BCFEAB
                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00BCFEB6
                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 00BCFEC1
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00BCFECC
                                                        • GetCursorInfo.USER32(?), ref: 00BCFEDC
                                                        • GetLastError.KERNEL32 ref: 00BCFF1E
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Cursor$Load$ErrorInfoLast
                                                        • String ID:
                                                        • API String ID: 3215588206-0
                                                        • Opcode ID: 840f238cf3e00f55103731db9d8319a859191a381c469988436d96dd00bf8a84
                                                        • Instruction ID: dbc493cdf342d31a174c0dba809cfd7302606fd3cc56fe538d571987c8d6fe2f
                                                        • Opcode Fuzzy Hash: 840f238cf3e00f55103731db9d8319a859191a381c469988436d96dd00bf8a84
                                                        • Instruction Fuzzy Hash: 8E4174B0D0531A6BDB109FBA8CC5D6EBFE9FF04354B50456AE11DEB281DB789901CE90
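The two records above are more informative once the raw hex arguments are decoded: in the RegSetValueExW record the fourth argument (dwType) takes the values 1, 7, 0xB and 3, which are exactly REG_SZ, REG_MULTI_SZ, REG_QWORD (with a matching 8-byte cbData) and REG_BINARY from that function's String ID list, and in the cursor record the sixteen LoadCursorW resource IDs 0x7F00 to 0x7F8B are the complete set of standard IDC_* cursors, which the function then compares against GetCursorInfo. The decoder below is an added example, not Joe Sandbox output or the sample's own code; it parses trace lines in the "Api.MODULE(args), ref: ADDR" shape this report uses, annotates the arguments with the documented Windows SDK constants (winnt.h, winuser.h, commctrl.h; the TreeView message IDs also cover the SendMessageW calls in the TreeView control-command record further up), and summarizes which registry value types the binary can write. SAMPLE_TRACE is constructed from lines copied out of this report.

```python
import re
from typing import List, Optional

# Constructed sample input: trace lines copied from this report, in the
# "Api.MODULE(args), ref: ADDR" shape the Joe Sandbox IDA plugin prints.
SAMPLE_TRACE = """\
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00BDC6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00BDC7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00BDC84D
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00BDC960
_wcslen.LIBCMT ref: 00BDC5F4
LoadCursorW.USER32(00000000,00007F89), ref: 00BCFE27
LoadCursorW.USER32(00000000,00007F00), ref: 00BCFE3D
GetCursorInfo.USER32(?), ref: 00BCFEDC
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BE0A54
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BB2BFA
"""

# Calls with and without an argument list both occur in the report, so the
# parenthesised group is optional. The leading bullet is tolerated as well.
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Documented Windows SDK constants (winnt.h, winuser.h, commctrl.h).
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
IDC_CURSORS = {0x7F00: "IDC_ARROW", 0x7F01: "IDC_IBEAM", 0x7F02: "IDC_WAIT",
               0x7F03: "IDC_CROSS", 0x7F04: "IDC_UPARROW", 0x7F80: "IDC_SIZE",
               0x7F81: "IDC_ICON", 0x7F82: "IDC_SIZENWSE", 0x7F83: "IDC_SIZENESW",
               0x7F84: "IDC_SIZEWE", 0x7F85: "IDC_SIZENS", 0x7F86: "IDC_SIZEALL",
               0x7F88: "IDC_NO", 0x7F89: "IDC_HAND", 0x7F8A: "IDC_APPSTARTING",
               0x7F8B: "IDC_HELP"}
TREEVIEW_MSGS = {0x1105: "TVM_GETCOUNT", 0x110A: "TVM_GETNEXTITEM"}
TVGN_FLAGS = {0x9: "TVGN_CARET"}


def parse_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None  # the plugin could not recover this argument statically
    try:
        return int(tok, 16)
    except ValueError:
        return tok  # symbolic argument the plugin resolved, e.g. "kernel32.dll"


def parse_line(line: str) -> Optional[dict]:
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
    return {"api": m["api"], "module": m["module"], "args": args, "ref": m["ref"].upper()}


def annotate(call: dict) -> Optional[str]:
    """Decode the argument a practitioner cares about for a few call types."""
    api, args = call["api"], call["args"]
    if api == "RegSetValueExW" and len(args) == 6 and isinstance(args[3], int):
        note = "dwType=" + REG_TYPES.get(args[3], f"unknown({args[3]:#x})")
        if isinstance(args[5], int):
            note += f" cbData={args[5]}"
            if args[3] == 11 and args[5] != 8:  # REG_QWORD must be exactly 8 bytes
                note += " (inconsistent size)"
        return note
    if api == "LoadCursorW" and len(args) == 2 and args[0] == 0 and isinstance(args[1], int):
        return IDC_CURSORS.get(args[1], f"unknown cursor {args[1]:#x}")
    if api == "SendMessageW" and len(args) == 4 and args[1] in TREEVIEW_MSGS:
        msg = TREEVIEW_MSGS[args[1]]
        if msg == "TVM_GETNEXTITEM" and args[2] in TVGN_FLAGS:
            msg += f" wParam={TVGN_FLAGS[args[2]]}"
        return msg
    return None


def decode_trace(text: str) -> List[dict]:
    calls = []
    for line in text.splitlines():
        call = parse_line(line)
        if call is not None:
            call["note"] = annotate(call)
            calls.append(call)
    return calls


def registry_value_types(calls: List[dict]) -> List[str]:
    """Which registry value types the traced code is able to write."""
    return sorted({REG_TYPES.get(c["args"][3], "?") for c in calls
                   if c["api"] == "RegSetValueExW" and isinstance(c["args"][3], int)})


if __name__ == "__main__":
    for c in decode_trace(SAMPLE_TRACE):
        print(f"{c['ref']} {c['api']}.{c['module']} {c['note'] or ''}")
    print("registry value types:", registry_value_types(decode_trace(SAMPLE_TRACE)))
```

The value-type set is the fact worth carrying into triage: together with the HKLM/HKCU/HKU root strings in the record that follows the TreeView one, it shows a generic RegWrite primitive rather than a single hard-coded key, so the actual persistence target can only be recovered from the decompiled AutoIt script or from the dynamic registry events, not from this static listing.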
                                                        APIs
                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00B700C6
                                                          • Part of subcall function 00B700ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00C2070C,00000FA0,69A0D92F,?,?,?,?,00B923B3,000000FF), ref: 00B7011C
                                                          • Part of subcall function 00B700ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00B923B3,000000FF), ref: 00B70127
                                                          • Part of subcall function 00B700ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00B923B3,000000FF), ref: 00B70138
                                                          • Part of subcall function 00B700ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00B7014E
                                                          • Part of subcall function 00B700ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B7015C
                                                          • Part of subcall function 00B700ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B7016A
                                                          • Part of subcall function 00B700ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B70195
                                                          • Part of subcall function 00B700ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B701A0
                                                        • ___scrt_fastfail.LIBCMT ref: 00B700E7
                                                          • Part of subcall function 00B700A3: __onexit.LIBCMT ref: 00B700A9
                                                        Strings
                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00B70122
                                                        • InitializeConditionVariable, xrefs: 00B70148
                                                        • WakeAllConditionVariable, xrefs: 00B70162
                                                        • SleepConditionVariableCS, xrefs: 00B70154
                                                        • kernel32.dll, xrefs: 00B70133
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                        • API String ID: 66158676-1714406822
                                                        • Opcode ID: ec5f7ec966083781be3b6641d8fc9125fb4275ff0cd2b253f030fc5fe75b3d3a
                                                        • Instruction ID: ce686cafacdcdc8b49188b7cdbf3137e6eb65b184a330da0e55af040af073c03
                                                        • Opcode Fuzzy Hash: ec5f7ec966083781be3b6641d8fc9125fb4275ff0cd2b253f030fc5fe75b3d3a
                                                        • Instruction Fuzzy Hash: EB210732A54751EFD7207B64AC45B3E3BD4DF05F61F1081BBF819B7AA1DF6498008A91
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen
                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                        • API String ID: 176396367-1603158881
                                                        • Opcode ID: 56b66659d2bddea05a633faf9c47c5b37921ef2bf0a89ec899effe6dcf400132
                                                        • Instruction ID: fb8ad34339353991d0564b43d1c773c309833510bca4d279639c8a67fc5cb3c3
                                                        • Opcode Fuzzy Hash: 56b66659d2bddea05a633faf9c47c5b37921ef2bf0a89ec899effe6dcf400132
                                                        • Instruction Fuzzy Hash: 37E1A532A00516EBCB249FB8C4917FEBBF4FF54B10F548199E456B7240DBB0AE899790
                                                        APIs
                                                        • CharLowerBuffW.USER32(00000000,00000000,00BECC08), ref: 00BC4527
                                                        • _wcslen.LIBCMT ref: 00BC453B
                                                        • _wcslen.LIBCMT ref: 00BC4599
                                                        • _wcslen.LIBCMT ref: 00BC45F4
                                                        • _wcslen.LIBCMT ref: 00BC463F
                                                        • _wcslen.LIBCMT ref: 00BC46A7
                                                          • Part of subcall function 00B6F9F2: _wcslen.LIBCMT ref: 00B6F9FD
                                                        • GetDriveTypeW.KERNEL32(?,00C16BF0,00000061), ref: 00BC4743
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharDriveLowerType
                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                        • API String ID: 2055661098-1000479233
                                                        • Opcode ID: 2d31456bac9dd931a7228161c896b211f990b793c99b6cbd4219afa805d4f644
                                                        • Instruction ID: a044c829f634659a9d0e5ed49ac9582645b4706c4cebd10c4fe5789511c271ac
                                                        • Opcode Fuzzy Hash: 2d31456bac9dd931a7228161c896b211f990b793c99b6cbd4219afa805d4f644
                                                        • Instruction Fuzzy Hash: 2BB1EF716083029FC710DF28C8A0F6AB7E5EFA5761F5049ADF496C7295DB30DE48CA52
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00BECC08), ref: 00BD40BB
                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00BD40CD
                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00BECC08), ref: 00BD40F2
                                                        • FreeLibrary.KERNEL32(00000000,?,00BECC08), ref: 00BD413E
                                                        • StringFromGUID2.OLE32(?,?,00000028,?,00BECC08), ref: 00BD41A8
                                                        • SysFreeString.OLEAUT32(00000009), ref: 00BD4262
                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00BD42C8
                                                        • SysFreeString.OLEAUT32(?), ref: 00BD42F2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                        • API String ID: 354098117-199464113
                                                        • Opcode ID: 010a58ba60fca0127a6882b1fc477987e9792936e94b8e5e5d40f0329fb6b9a4
                                                        • Instruction ID: 8946563c657f344076eb8d5d980f269fe9b8f886d634600da327d9bed575af0f
                                                        • Opcode Fuzzy Hash: 010a58ba60fca0127a6882b1fc477987e9792936e94b8e5e5d40f0329fb6b9a4
                                                        • Instruction Fuzzy Hash: CC12E875A00119EFDB14DF94C884EAEBBF5EF45314F248099E905AB351EB31ED86CBA0
                                                        APIs
                                                        • GetMenuItemCount.USER32(00C21990), ref: 00B92F8D
                                                        • GetMenuItemCount.USER32(00C21990), ref: 00B9303D
                                                        • GetCursorPos.USER32(?), ref: 00B93081
                                                        • SetForegroundWindow.USER32(00000000), ref: 00B9308A
                                                        • TrackPopupMenuEx.USER32(00C21990,00000000,?,00000000,00000000,00000000), ref: 00B9309D
                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00B930A9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                        • String ID: 0
                                                        • API String ID: 36266755-4108050209
                                                        • Opcode ID: 428a1cfd9ffba6cfd1bfaf9bfd605ef04aa0c098c5f3836d9e7212b1a5fe5593
                                                        • Instruction ID: 835e356c2f23f2f70fb114b5bfde726f516d8202a10996eecc374918d82df871
                                                        • Opcode Fuzzy Hash: 428a1cfd9ffba6cfd1bfaf9bfd605ef04aa0c098c5f3836d9e7212b1a5fe5593
                                                        • Instruction Fuzzy Hash: 4E710A70640205BFEF218F64CC89FAABFE4FF05764F244296F9156A2E0C7B1A914DB90
                                                        APIs
                                                        • DestroyWindow.USER32(00000000,?), ref: 00BE6DEB
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00BE6E5F
                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00BE6E81
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BE6E94
                                                        • DestroyWindow.USER32(?), ref: 00BE6EB5
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00B50000,00000000), ref: 00BE6EE4
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BE6EFD
                                                        • GetDesktopWindow.USER32 ref: 00BE6F16
                                                        • GetWindowRect.USER32(00000000), ref: 00BE6F1D
                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00BE6F35
                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00BE6F4D
                                                          • Part of subcall function 00B69944: GetWindowLongW.USER32(?,000000EB), ref: 00B69952
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                        • String ID: 0$tooltips_class32
                                                        • API String ID: 2429346358-3619404913
                                                        • Opcode ID: 9ac9c82626b30a2be364a5e4a0e63b0c973a6bc8629479802abab97496284553
                                                        • Instruction ID: f24527ba5c1fcb11792058cf92df645757cbae5d6f9280a54d8a18077dc5b230
                                                        • Opcode Fuzzy Hash: 9ac9c82626b30a2be364a5e4a0e63b0c973a6bc8629479802abab97496284553
                                                        • Instruction Fuzzy Hash: CD716770104284AFDB21DF19D884BAABBE9FBA9344F04055DF999872A1CB70AD46CB51
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • DragQueryPoint.SHELL32(?,?), ref: 00BE9147
                                                          • Part of subcall function 00BE7674: ClientToScreen.USER32(?,?), ref: 00BE769A
                                                          • Part of subcall function 00BE7674: GetWindowRect.USER32(?,?), ref: 00BE7710
                                                          • Part of subcall function 00BE7674: PtInRect.USER32(?,?,00BE8B89), ref: 00BE7720
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00BE91B0
                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00BE91BB
                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00BE91DE
                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00BE9225
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00BE923E
                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00BE9255
                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00BE9277
                                                        • DragFinish.SHELL32(?), ref: 00BE927E
                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00BE9371
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                        • API String ID: 221274066-3440237614
                                                        • Opcode ID: 9bcf2b6d3a7441133a47177a14722ac309a234117c4a139e47c4398b0bb64065
                                                        • Instruction ID: 1afa833334f0e21c6f2a39a74b3c4b34379dccbd885e29d130ee253b049770fa
                                                        • Opcode Fuzzy Hash: 9bcf2b6d3a7441133a47177a14722ac309a234117c4a139e47c4398b0bb64065
                                                        • Instruction Fuzzy Hash: 19617A71108341AFC701DF65DC85EAFBBE8EF89750F000AADF995971A1DB309A49CB52
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BCC4B0
                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00BCC4C3
                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00BCC4D7
                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00BCC4F0
                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00BCC533
                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00BCC549
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BCC554
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BCC584
                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00BCC5DC
                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00BCC5F0
                                                        • InternetCloseHandle.WININET(00000000), ref: 00BCC5FB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                        • String ID:
                                                        • API String ID: 3800310941-3916222277
                                                        • Opcode ID: b904c98ea02dde9b987ba74ac7568979ce8dfad1d104605810763cea7ddf1c32
                                                        • Instruction ID: 74dc929a5f5932312afabe8b5d0562d47e3784f8e70710c8eb782968d0c71a39
                                                        • Opcode Fuzzy Hash: b904c98ea02dde9b987ba74ac7568979ce8dfad1d104605810763cea7ddf1c32
                                                        • Instruction Fuzzy Hash: AB5138B1500648BFDB218F64C989FAA7FFCEB28754F00845EF94AD7250DB34E9459B60
                                                        APIs
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00BE8592
                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BE85A2
                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BE85AD
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BE85BA
                                                        • GlobalLock.KERNEL32(00000000), ref: 00BE85C8
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BE85D7
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BE85E0
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BE85E7
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BE85F8
                                                        • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00BEFC38,?), ref: 00BE8611
                                                        • GlobalFree.KERNEL32(00000000), ref: 00BE8621
                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00BE8641
                                                        • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00BE8671
                                                        • DeleteObject.GDI32(?), ref: 00BE8699
                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00BE86AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                        • String ID:
                                                        • API String ID: 3840717409-0
                                                        • Opcode ID: b61ef31b8a94554730a84f2bc02cc874cf90d2b891e4160ea9c3efb70d3f4b8a
                                                        • Instruction ID: 75df3af7e9522167134d070ecc39b2d46e3f46b0d82f5c52ede88e24cbcd4cf1
                                                        • Opcode Fuzzy Hash: b61ef31b8a94554730a84f2bc02cc874cf90d2b891e4160ea9c3efb70d3f4b8a
                                                        • Instruction Fuzzy Hash: B041F975600284AFDB11DFA5DC88EAA7BF8EF89715F104058F919EB260DB349902DB60
                                                        APIs
                                                        • VariantInit.OLEAUT32(00000000), ref: 00BC1502
                                                        • VariantCopy.OLEAUT32(?,?), ref: 00BC150B
                                                        • VariantClear.OLEAUT32(?), ref: 00BC1517
                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00BC15FB
                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00BC1657
                                                        • VariantInit.OLEAUT32(?), ref: 00BC1708
                                                        • SysFreeString.OLEAUT32(?), ref: 00BC178C
                                                        • VariantClear.OLEAUT32(?), ref: 00BC17D8
                                                        • VariantClear.OLEAUT32(?), ref: 00BC17E7
                                                        • VariantInit.OLEAUT32(00000000), ref: 00BC1823
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                        • API String ID: 1234038744-3931177956
                                                        • Opcode ID: 441ee639cf06465ec8019c3df053b2deb6adfda94b5e5e4e98c30e4dd7893a11
                                                        • Instruction ID: 2a36e8b6d9f64529b2ff209bd4d2906ee0dee4194cd6c1d13b5488046d27db3b
                                                        • Opcode Fuzzy Hash: 441ee639cf06465ec8019c3df053b2deb6adfda94b5e5e4e98c30e4dd7893a11
                                                        • Instruction Fuzzy Hash: 85D1BD71A00215DBDB009F69E885F79B7F5FF46700F5088EAE806BB282DB34AC45DB61
APIs
  • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
  • Part of subcall function 00BDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BDB6AE,?,?), ref: 00BDC9B5
  • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDC9F1
  • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA68
  • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BDB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BDB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 00BDB80A
• RegCloseKey.ADVAPI32(?), ref: 00BDB87E
• RegCloseKey.ADVAPI32(?), ref: 00BDB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00BDB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00BDB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00BDB922
• FreeLibrary.KERNEL32(00000000), ref: 00BDB983
• RegCloseKey.ADVAPI32(00000000), ref: 00BDB994
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 55f985898909bb0bf581ef9aed9ea6b3ed48943c0e64f710f2494be3ca3ac0d6
• Instruction ID: 97f319b29838a5e6578f89877710eb67fd57494dd2d2807c82bc973e0188a74f
• Opcode Fuzzy Hash: 55f985898909bb0bf581ef9aed9ea6b3ed48943c0e64f710f2494be3ca3ac0d6
• Instruction Fuzzy Hash: 91C16934204241EFD714DF24C495F2ABBE5EF84318F15859DE89A4B3A2DB35EC4ACB91
APIs
• GetDC.USER32(00000000), ref: 00BD25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00BD25E8
• CreateCompatibleDC.GDI32(?), ref: 00BD25F4
• SelectObject.GDI32(00000000,?), ref: 00BD2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00BD266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00BD26AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00BD26D0
• SelectObject.GDI32(?,?), ref: 00BD26D8
• DeleteObject.GDI32(?), ref: 00BD26E1
• DeleteDC.GDI32(?), ref: 00BD26E8
• ReleaseDC.USER32(00000000,?), ref: 00BD26F3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: e672cb7c8569a8e406fa515bddf1190b9f4504f6844096486051f130927c69e7
• Instruction ID: 09bf1b1a5bdeed6dfc8925eaf44ee875158c0a5b263910ceb6c0f189d811bc0a
• Opcode Fuzzy Hash: e672cb7c8569a8e406fa515bddf1190b9f4504f6844096486051f130927c69e7
• Instruction Fuzzy Hash: 2261D075D00259EFCF14CFA8D884AAEBBF5FF58310F20856AE955A7250E770A941CF60
APIs
• ___free_lconv_mon.LIBCMT ref: 00B8DAA1
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D659
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D66B
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D67D
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D68F
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D6A1
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D6B3
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D6C5
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D6D7
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D6E9
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D6FB
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D70D
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D71F
  • Part of subcall function 00B8D63C: _free.LIBCMT ref: 00B8D731
• _free.LIBCMT ref: 00B8DA96
  • Part of subcall function 00B829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000), ref: 00B829DE
  • Part of subcall function 00B829C8: GetLastError.KERNEL32(00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000,00000000), ref: 00B829F0
• _free.LIBCMT ref: 00B8DAB8
• _free.LIBCMT ref: 00B8DACD
• _free.LIBCMT ref: 00B8DAD8
• _free.LIBCMT ref: 00B8DAFA
• _free.LIBCMT ref: 00B8DB0D
• _free.LIBCMT ref: 00B8DB1B
• _free.LIBCMT ref: 00B8DB26
• _free.LIBCMT ref: 00B8DB5E
• _free.LIBCMT ref: 00B8DB65
• _free.LIBCMT ref: 00B8DB82
• _free.LIBCMT ref: 00B8DB9A
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 7857380c08966d71baf3f5ebd6d56d63faa7456195113df4b6472ee9ffcb372a
• Instruction ID: 98c4f26ea9d60793022d01375d9de4887b9d9fc57b4c72c3d524c33e52f73f34
• Opcode Fuzzy Hash: 7857380c08966d71baf3f5ebd6d56d63faa7456195113df4b6472ee9ffcb372a
• Instruction Fuzzy Hash: 2F3128716446059FEB25BB39E845B5AB7E9FF00320F2644AAE449D72F1DE35EC80CB20
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00BB369C
• _wcslen.LIBCMT ref: 00BB36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00BB3797
• GetClassNameW.USER32(?,?,00000400), ref: 00BB380C
• GetDlgCtrlID.USER32(?), ref: 00BB385D
• GetWindowRect.USER32(?,?), ref: 00BB3882
• GetParent.USER32(?), ref: 00BB38A0
• ScreenToClient.USER32(00000000), ref: 00BB38A7
• GetClassNameW.USER32(?,?,00000100), ref: 00BB3921
• GetWindowTextW.USER32(?,?,00000400), ref: 00BB395D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 56edc600951e9a564d223b2850e3e653e3883e96f82d0b21c67ee5bc8212777b
• Instruction ID: 82826d0aca55f66ad0177a592202137e87067a89a071d7a70439695cf1dc99b5
• Opcode Fuzzy Hash: 56edc600951e9a564d223b2850e3e653e3883e96f82d0b21c67ee5bc8212777b
• Instruction Fuzzy Hash: A591A071204606AFD719DF24C885FFAB7E8FF44750F008669F9AAC6190DBB0EA45CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00BB4994
• GetWindowTextW.USER32(?,?,00000400), ref: 00BB49DA
• _wcslen.LIBCMT ref: 00BB49EB
• CharUpperBuffW.USER32(?,00000000), ref: 00BB49F7
• _wcsstr.LIBVCRUNTIME ref: 00BB4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00BB4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00BB4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00BB4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00BB4B20
• GetWindowRect.USER32(?,?), ref: 00BB4B8B
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: fc2f62692206916b67172bb7786dff7a95c0415e7b3803233b478a34a82b1e61
• Instruction ID: cec8b43a8617bac421d8dc606f839549d4900da9f8ee778bd60a69480f24208d
• Opcode Fuzzy Hash: fc2f62692206916b67172bb7786dff7a95c0415e7b3803233b478a34a82b1e61
• Instruction Fuzzy Hash: D6919D720082059FDB14DF14C985BFA7BE8FF84714F0484A9FE899A196DBB0ED45CBA1
APIs
  • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00BE8D5A
• GetFocus.USER32 ref: 00BE8D6A
• GetDlgCtrlID.USER32(00000000), ref: 00BE8D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00BE8E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00BE8ECF
• GetMenuItemCount.USER32(?), ref: 00BE8EEC
• GetMenuItemID.USER32(?,00000000), ref: 00BE8EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00BE8F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00BE8F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BE8FA1
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: fe3770a87838a8c826a186f65061f60fb9b8cc580119683c1d199b8e48ebb56e
• Instruction ID: 68b867b96d77d2aaa7a14bf07fc48ceae4da6756a7d576c3279320efcce9055d
• Opcode Fuzzy Hash: fe3770a87838a8c826a186f65061f60fb9b8cc580119683c1d199b8e48ebb56e
• Instruction Fuzzy Hash: 1681B0715047819FDB10CF25D884AAB7BE9FF98314F1409ADF9999B291DB30D901CBA1
APIs
• GetMenuItemInfoW.USER32(00C21990,000000FF,00000000,00000030), ref: 00BBBFAC
• SetMenuItemInfoW.USER32(00C21990,00000004,00000000,00000030), ref: 00BBBFE1
• Sleep.KERNEL32(000001F4), ref: 00BBBFF3
• GetMenuItemCount.USER32(?), ref: 00BBC039
• GetMenuItemID.USER32(?,00000000), ref: 00BBC056
• GetMenuItemID.USER32(?,-00000001), ref: 00BBC082
• GetMenuItemID.USER32(?,?), ref: 00BBC0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BBC10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BBC124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BBC145
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 1777ba8a4b849321ac4a704a22f040644c981954cb5f6565b5a3eba001e8a181
• Instruction ID: 7d29d418765d4c3cf49a5b4bfa252497d0de3c8e3f11af0e6222103a702457e9
• Opcode Fuzzy Hash: 1777ba8a4b849321ac4a704a22f040644c981954cb5f6565b5a3eba001e8a181
• Instruction Fuzzy Hash: AF619DB090028AAFDF21DF68CC89AFE7FF9EB05344F544095E811A7291CBB1AD05CB61
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00BBDC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00BBDC46
• _wcslen.LIBCMT ref: 00BBDC50
• _wcsstr.LIBVCRUNTIME ref: 00BBDCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00BBDCBC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: c21ab9a6ff52eb437ff22fd9d28aed55b9dbe802e3e2259bc6c6f9fe321869d6
• Instruction ID: 4a2dbcd3b2d3d5d6e7e9184bde05d06461f34cb128db14d9d266828e22c896a4
• Opcode Fuzzy Hash: c21ab9a6ff52eb437ff22fd9d28aed55b9dbe802e3e2259bc6c6f9fe321869d6
• Instruction Fuzzy Hash: B741E0329402057BEB10A7749C47EFF7BECEF42710F1440EAF904A6192FBA9990297A5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00BDCC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00BDCC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00BDCD48
  • Part of subcall function 00BDCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00BDCCAA
  • Part of subcall function 00BDCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00BDCCBD
  • Part of subcall function 00BDCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00BDCCCF
  • Part of subcall function 00BDCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00BDCD05
  • Part of subcall function 00BDCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00BDCD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00BDCCF3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
• Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_b50000_file.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: 78debf3f91331cf9798dbc8da567fd5aa1fbd60a445543bd49105828f60f2579
• Instruction ID: 78e8dab8da153cb439a134d81a3b17ba2d6c3c2aecc16ac48acb88a854149921
• Opcode Fuzzy Hash: 78debf3f91331cf9798dbc8da567fd5aa1fbd60a445543bd49105828f60f2579
• Instruction Fuzzy Hash: FE315E7190112ABBDB208B54DC88EFFBFBCEF45750F0001A6F905E7241EB349A46DAA0
                                                        APIs
                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BC3D40
                                                        • _wcslen.LIBCMT ref: 00BC3D6D
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BC3D9D
                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00BC3DBE
                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00BC3DCE
                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00BC3E55
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BC3E60
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BC3E6B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                        • String ID: :$\$\??\%s
                                                        • API String ID: 1149970189-3457252023
                                                        • Opcode ID: d03dd58c394798158620fc065f5fa8e3f705c6559b73ea0953762c965aad392a
                                                        • Instruction ID: c9d8fd1b6d38966acbda6be78df8e160ed1930e6bb4e4c970d5f3c6c59ff2411
                                                        • Opcode Fuzzy Hash: d03dd58c394798158620fc065f5fa8e3f705c6559b73ea0953762c965aad392a
                                                        • Instruction Fuzzy Hash: 48317371900249ABDB219FA0DC89FEB37FCEF89B00F5081B9F619D6150EB7497458B24
                                                        APIs
                                                        • timeGetTime.WINMM ref: 00BBE6B4
                                                          • Part of subcall function 00B6E551: timeGetTime.WINMM(?,?,00BBE6D4), ref: 00B6E555
                                                        • Sleep.KERNEL32(0000000A), ref: 00BBE6E1
                                                        • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00BBE705
                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00BBE727
                                                        • SetActiveWindow.USER32 ref: 00BBE746
                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00BBE754
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00BBE773
                                                        • Sleep.KERNEL32(000000FA), ref: 00BBE77E
                                                        • IsWindow.USER32 ref: 00BBE78A
                                                        • EndDialog.USER32(00000000), ref: 00BBE79B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                        • String ID: BUTTON
                                                        • API String ID: 1194449130-3405671355
                                                        • Opcode ID: 0b6ed7a6bd644f18837f58e12f894da0005070a7312dc0793e2a6496831b5c3f
                                                        • Instruction ID: 951f4486594497ca5e11c59680d1f981361fb2bc8084444e7c4c0c8405237168
                                                        • Opcode Fuzzy Hash: 0b6ed7a6bd644f18837f58e12f894da0005070a7312dc0793e2a6496831b5c3f
                                                        • Instruction Fuzzy Hash: F521C271210644BFEB209F24ECC9BBA3FE9EB15348B101464F822976B1CFB1EC028A10
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00BBEA5D
                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00BBEA73
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BBEA84
                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00BBEA96
                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00BBEAA7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: SendString$_wcslen
                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                        • API String ID: 2420728520-1007645807
                                                        • Opcode ID: 3442cde515c41e5aead93cbff8cd50680378dbe217b02c871c520432cd035690
                                                        • Instruction ID: 11331ef159b28f920ff89975741df4735b418646d8f1d9c9f9d41b00cce47273
                                                        • Opcode Fuzzy Hash: 3442cde515c41e5aead93cbff8cd50680378dbe217b02c871c520432cd035690
                                                        • Instruction Fuzzy Hash: 66117331A512597AD720A7A1DC4AEFF6AFCEFD2F40F4004B97811A20D1EEB05D89C5B0
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 00BBA012
                                                        • SetKeyboardState.USER32(?), ref: 00BBA07D
                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00BBA09D
                                                        • GetKeyState.USER32(000000A0), ref: 00BBA0B4
                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00BBA0E3
                                                        • GetKeyState.USER32(000000A1), ref: 00BBA0F4
                                                        • GetAsyncKeyState.USER32(00000011), ref: 00BBA120
                                                        • GetKeyState.USER32(00000011), ref: 00BBA12E
                                                        • GetAsyncKeyState.USER32(00000012), ref: 00BBA157
                                                        • GetKeyState.USER32(00000012), ref: 00BBA165
                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00BBA18E
                                                        • GetKeyState.USER32(0000005B), ref: 00BBA19C
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: State$Async$Keyboard
                                                        • String ID:
                                                        • API String ID: 541375521-0
                                                        • Opcode ID: ecf9dcda3b90657349468e56a825b150fe3d6fe5cfbf3b4eec750f567ed26023
                                                        • Instruction ID: e1562e9089b3105e1400ec280d5a03d41f753e7064840089121b7c03ad79486e
                                                        • Opcode Fuzzy Hash: ecf9dcda3b90657349468e56a825b150fe3d6fe5cfbf3b4eec750f567ed26023
                                                        • Instruction Fuzzy Hash: C551A820D047882BFB35EB6488517FAAFF5DF12380F4845D9D5C25B1C2DAE4AA4CC762
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000001), ref: 00BB5CE2
                                                        • GetWindowRect.USER32(00000000,?), ref: 00BB5CFB
                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00BB5D59
                                                        • GetDlgItem.USER32(?,00000002), ref: 00BB5D69
                                                        • GetWindowRect.USER32(00000000,?), ref: 00BB5D7B
                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00BB5DCF
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00BB5DDD
                                                        • GetWindowRect.USER32(00000000,?), ref: 00BB5DEF
                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00BB5E31
                                                        • GetDlgItem.USER32(?,000003EA), ref: 00BB5E44
                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00BB5E5A
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00BB5E67
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                        • String ID:
                                                        • API String ID: 3096461208-0
                                                        • Opcode ID: 9bbcde79a9367abfa7d1263ebe736def67fa5dc446137eb25a2c4fbf34677c91
                                                        • Instruction ID: 22cc477b88c13c2b603d976293dae2440f2e9eabfbe2f552434f3ede13e224fb
                                                        • Opcode Fuzzy Hash: 9bbcde79a9367abfa7d1263ebe736def67fa5dc446137eb25a2c4fbf34677c91
                                                        • Instruction Fuzzy Hash: 9951FE71A00605AFDF18CF68DD89AAEBBF5FB48300F548269F916E7290DB709E05CB51
                                                        APIs
                                                          • Part of subcall function 00B68F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B68BE8,?,00000000,?,?,?,?,00B68BBA,00000000,?), ref: 00B68FC5
                                                        • DestroyWindow.USER32(?), ref: 00B68C81
                                                        • KillTimer.USER32(00000000,?,?,?,?,00B68BBA,00000000,?), ref: 00B68D1B
                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00BA6973
                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00B68BBA,00000000,?), ref: 00BA69A1
                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00B68BBA,00000000,?), ref: 00BA69B8
                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00B68BBA,00000000), ref: 00BA69D4
                                                        • DeleteObject.GDI32(00000000), ref: 00BA69E6
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                        • String ID:
                                                        • API String ID: 641708696-0
                                                        • Opcode ID: 48787bf33eecb9e8289dbd1ab8b76ce672490351ac94738faff1e22705402db1
                                                        • Instruction ID: a3a74a52891f8f885617964e7298933b93bcfd84c8c0836716706db6792a32a2
                                                        • Opcode Fuzzy Hash: 48787bf33eecb9e8289dbd1ab8b76ce672490351ac94738faff1e22705402db1
                                                        • Instruction Fuzzy Hash: 01618C71512700DFCB359F28D998B2A7BF1FB55312F1846A8E4429B960CB39ACD2CF90
                                                        APIs
                                                          • Part of subcall function 00B69944: GetWindowLongW.USER32(?,000000EB), ref: 00B69952
                                                        • GetSysColor.USER32(0000000F), ref: 00B69862
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ColorLongWindow
                                                        • String ID:
                                                        • API String ID: 259745315-0
                                                        • Opcode ID: 71fda2c213275bac4e1b93332aeb0e18f141da2d4763d18042c08c3994be61fa
                                                        • Instruction ID: 75c2225ee7060d603ee764c0eadd09a841d223236cef70a546229592b19e9f0c
                                                        • Opcode Fuzzy Hash: 71fda2c213275bac4e1b93332aeb0e18f141da2d4763d18042c08c3994be61fa
                                                        • Instruction Fuzzy Hash: 0C41BF31508640AFDB205F389C84BBA3BE9FB56371F144689F9B29B1E1DB349C42DB11
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00B9F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00BB9717
                                                        • LoadStringW.USER32(00000000,?,00B9F7F8,00000001), ref: 00BB9720
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00B9F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00BB9742
                                                        • LoadStringW.USER32(00000000,?,00B9F7F8,00000001), ref: 00BB9745
                                                        • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00BB9866
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadModuleString$Message_wcslen
                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                        • API String ID: 747408836-2268648507
                                                        • Opcode ID: e26523d775ab0fa727c0c81d9a9224f0c50e4ec5968999d55b3bcc266596d830
                                                        • Instruction ID: 8bd5ec8e05f7b776eda569a40a859aaa456317ff05db0c34a91c87bd272d9690
                                                        • Opcode Fuzzy Hash: e26523d775ab0fa727c0c81d9a9224f0c50e4ec5968999d55b3bcc266596d830
                                                        • Instruction Fuzzy Hash: 73414972800219ABCB04EBE0CD82EEEB7B8EF15741F5400E5FA0572092EB756F49CB61
                                                        APIs
                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00BE403B
                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00BE4042
                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00BE4055
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00BE405D
                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00BE4068
                                                        • DeleteDC.GDI32(00000000), ref: 00BE4072
                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00BE407C
                                                        • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00BE4092
                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00BE409E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                        • String ID: static
                                                        • API String ID: 2559357485-2160076837
                                                        • Opcode ID: efbc7e1aa827ae949da52ade62a1f30a9846b49d1118c7025844e5f5cfabe13c
                                                        • Instruction ID: 25c0ea4b4111b15ac71f586f989c0234c27f92c91036e921cdb48308da0228ed
                                                        • Opcode Fuzzy Hash: efbc7e1aa827ae949da52ade62a1f30a9846b49d1118c7025844e5f5cfabe13c
                                                        • Instruction Fuzzy Hash: 4D315C32501295AFDF229FA5CC49FDA3FA9FF0D720F110261FA19A61A1CB75D811EB90
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00BD3C5C
                                                        • CoInitialize.OLE32(00000000), ref: 00BD3C8A
                                                        • CoUninitialize.OLE32 ref: 00BD3C94
                                                        • _wcslen.LIBCMT ref: 00BD3D2D
                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00BD3DB1
                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00BD3ED5
                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00BD3F0E
                                                        • CoGetObject.OLE32(?,00000000,00BEFB98,?), ref: 00BD3F2D
                                                        • SetErrorMode.KERNEL32(00000000), ref: 00BD3F40
                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00BD3FC4
                                                        • VariantClear.OLEAUT32(?), ref: 00BD3FD8
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                        • String ID:
                                                        • API String ID: 429561992-0
                                                        • Opcode ID: 02db0a530345b7d0d4141299712bc8f67236562438336c3f5417450930b020ae
                                                        • Instruction ID: 9ae35c4690641056f4bec9dd91f2ec25ab8ac1cd3cf587eb42e58508fb01ff59
                                                        • Opcode Fuzzy Hash: 02db0a530345b7d0d4141299712bc8f67236562438336c3f5417450930b020ae
                                                        • Instruction Fuzzy Hash: 1CC125716042059FD700DF68C88492BBBE9FF89744F1449AEF98A9B351EB31ED05CB52
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 00BC7AF3
                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00BC7B8F
                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00BC7BA3
                                                        • CoCreateInstance.OLE32(00BEFD08,00000000,00000001,00C16E6C,?), ref: 00BC7BEF
                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00BC7C74
                                                        • CoTaskMemFree.OLE32(?,?), ref: 00BC7CCC
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00BC7D57
                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00BC7D7A
                                                        • CoTaskMemFree.OLE32(00000000), ref: 00BC7D81
                                                        • CoTaskMemFree.OLE32(00000000), ref: 00BC7DD6
                                                        • CoUninitialize.OLE32 ref: 00BC7DDC
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                        • String ID:
                                                        • API String ID: 2762341140-0
                                                        • Opcode ID: 5f48ac7e08b629fa4a1fe1200328fd6bae17ab6ca4cec1b4bebd8df2703856ed
                                                        • Instruction ID: 46ebe86428bec251e120c8097b62a8bb4b0fde937d817f3a7fc6fc8406434d9c
                                                        • Opcode Fuzzy Hash: 5f48ac7e08b629fa4a1fe1200328fd6bae17ab6ca4cec1b4bebd8df2703856ed
                                                        • Instruction Fuzzy Hash: E8C10B75A04109AFCB14DFA4D894EAEBBF5FF48305B1484E9E8169B261DB30ED46CF90
                                                        APIs
                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00BE5504
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BE5515
                                                        • CharNextW.USER32(00000158), ref: 00BE5544
                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00BE5585
                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00BE559B
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BE55AC
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CharNext
                                                        • String ID:
                                                        • API String ID: 1350042424-0
                                                        • Opcode ID: 097c887db036cc033356e4a59ed427542aac7d9d8bd818e316d2ac95341d2575
                                                        • Instruction ID: c12f099f13dcbef15d6e4ede369a8bd9eb140bbb67e921a131332422ee9b02c2
                                                        • Opcode Fuzzy Hash: 097c887db036cc033356e4a59ed427542aac7d9d8bd818e316d2ac95341d2575
                                                        • Instruction Fuzzy Hash: FE619C74900689AFDF209F56CCC4AFE7BF9EF09328F104185F925AB291D7749A81DB60
                                                        APIs
                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00BAFAAF
                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00BAFB08
                                                        • VariantInit.OLEAUT32(?), ref: 00BAFB1A
                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00BAFB3A
                                                        • VariantCopy.OLEAUT32(?,?), ref: 00BAFB8D
                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00BAFBA1
                                                        • VariantClear.OLEAUT32(?), ref: 00BAFBB6
                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00BAFBC3
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00BAFBCC
                                                        • VariantClear.OLEAUT32(?), ref: 00BAFBDE
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00BAFBE9
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                        • String ID:
                                                        • API String ID: 2706829360-0
                                                        • Opcode ID: 58f510d422499f2e6c996b181d3f7d1ef2a85601c7538d017afa08803b35d4a7
                                                        • Instruction ID: e8a7a395ffa4588cbe896fb1adb36048c7768aebaf018c0dc520d872612f7723
                                                        • Opcode Fuzzy Hash: 58f510d422499f2e6c996b181d3f7d1ef2a85601c7538d017afa08803b35d4a7
                                                        • Instruction Fuzzy Hash: BD413135A0421A9FCF00DFA4D8949FDBFB9FF49344F0080A5E955AB361CB30A946CBA0
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 00BB9CA1
                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00BB9D22
                                                        • GetKeyState.USER32(000000A0), ref: 00BB9D3D
                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00BB9D57
                                                        • GetKeyState.USER32(000000A1), ref: 00BB9D6C
                                                        • GetAsyncKeyState.USER32(00000011), ref: 00BB9D84
                                                        • GetKeyState.USER32(00000011), ref: 00BB9D96
                                                        • GetAsyncKeyState.USER32(00000012), ref: 00BB9DAE
                                                        • GetKeyState.USER32(00000012), ref: 00BB9DC0
                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00BB9DD8
                                                        • GetKeyState.USER32(0000005B), ref: 00BB9DEA
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: State$Async$Keyboard
                                                        • String ID:
                                                        • API String ID: 541375521-0
                                                        • Opcode ID: b2fed7acf454285ccf92f8c1549084ec6125249b007d3fe12b2f5b95460907e7
                                                        • Instruction ID: 7c7971c9a43281511bee40431927e0593b22397085cfed540083a5c12dd55f3b
                                                        • Opcode Fuzzy Hash: b2fed7acf454285ccf92f8c1549084ec6125249b007d3fe12b2f5b95460907e7
                                                        • Instruction Fuzzy Hash: B041A1245047C96FFF31866588453F5AEE0EB21344F4480AADBC65B5C2DBE4A9C8CBA2
                                                        APIs
                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00BD05BC
                                                        • inet_addr.WSOCK32(?), ref: 00BD061C
                                                        • gethostbyname.WSOCK32(?), ref: 00BD0628
                                                        • IcmpCreateFile.IPHLPAPI ref: 00BD0636
                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00BD06C6
                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00BD06E5
                                                        • IcmpCloseHandle.IPHLPAPI(?), ref: 00BD07B9
                                                        • WSACleanup.WSOCK32 ref: 00BD07BF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                        • String ID: Ping
                                                        • API String ID: 1028309954-2246546115
                                                        • Opcode ID: 23469a6578f3741c0edd2fd26f3e0ffd213ef67e45cde2e4a8e464db33ca4d7f
                                                        • Instruction ID: ce6d29120238430a17bd308db9f69ab8af52ec3cb3c648454b679d25763b63a7
                                                        • Opcode Fuzzy Hash: 23469a6578f3741c0edd2fd26f3e0ffd213ef67e45cde2e4a8e464db33ca4d7f
                                                        • Instruction Fuzzy Hash: A6915A356182419FD720EF15D888B1ABBE0EF44318F1485EAE8699F7A2E730ED45CF91
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharLower
                                                        • String ID: cdecl$none$stdcall$winapi
                                                        • API String ID: 707087890-567219261
                                                        • Opcode ID: 4a4c2fd0c4587d5ffbbbc9b34090f04fa0fcaccaa71c6a5e8c4e559f20464cca
                                                        • Instruction ID: 4a899b59a36f614755f8c667516e894b7e56e9afc6ec877c77f12e332d8b155f
                                                        • Opcode Fuzzy Hash: 4a4c2fd0c4587d5ffbbbc9b34090f04fa0fcaccaa71c6a5e8c4e559f20464cca
                                                        • Instruction Fuzzy Hash: 9F519131A001169BCF14DF68C9419BEB7E6EF65712B2042AAE826E73C5EB30DD40CB90
                                                        APIs
                                                        • CoInitialize.OLE32 ref: 00BD3774
                                                        • CoUninitialize.OLE32 ref: 00BD377F
                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00BEFB78,?), ref: 00BD37D9
                                                        • IIDFromString.OLE32(?,?), ref: 00BD384C
                                                        • VariantInit.OLEAUT32(?), ref: 00BD38E4
                                                        • VariantClear.OLEAUT32(?), ref: 00BD3936
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                        • API String ID: 636576611-1287834457
                                                        • Opcode ID: 1466dafb14b8c476a5fec68eef24084f028de4d92a313a68c12c84eccd7c01ef
                                                        • Instruction ID: 4910544e97bbcf1a51c57fcbdae9376e0824e296efa982d1dcee1fb028ba4314
                                                        • Opcode Fuzzy Hash: 1466dafb14b8c476a5fec68eef24084f028de4d92a313a68c12c84eccd7c01ef
                                                        • Instruction Fuzzy Hash: 6C618D706087019FD310DF54D888F6ABBE4EF49B10F10499AF8859B392E770EE49DB92
                                                        APIs
                                                        • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00BC33CF
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00BC33F0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LoadString$_wcslen
                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                        • API String ID: 4099089115-3080491070
                                                        • Opcode ID: 4c95108f20154638e027461585b1970fae8a227e11d262e699d0d409041dce71
                                                        • Instruction ID: b2eaea70389e92f9cab5723fb470584ed07e6eca4eddee37432efd533f4f4630
                                                        • Opcode Fuzzy Hash: 4c95108f20154638e027461585b1970fae8a227e11d262e699d0d409041dce71
                                                        • Instruction Fuzzy Hash: 50517A32900209AADF14EBA0CD42FEEB7F9EF14741F5441E5B905721A2EB316F99DB60
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharUpper
                                                        • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                        • API String ID: 1256254125-769500911
                                                        • Opcode ID: af779eaeddc12960c41595408cb15ea7cf58474e1aa425b7328de6b4dd3026e8
                                                        • Instruction ID: 0d6f56e2b4213b961fbac68c0bf9f48b84c111a088098b49a2c1eb65e723e493
                                                        • Opcode Fuzzy Hash: af779eaeddc12960c41595408cb15ea7cf58474e1aa425b7328de6b4dd3026e8
                                                        • Instruction Fuzzy Hash: AB41C432A000269BCB205F7D88909FEF7E5EBA1754B2442A9E426DB284E7F1CD81C790
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BC53A0
                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00BC5416
                                                        • GetLastError.KERNEL32 ref: 00BC5420
                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 00BC54A7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                        • API String ID: 4194297153-14809454
                                                        • Opcode ID: cba64454b93f73cbfca710545e44064c31765ee4c582bda540e9a05072c16581
                                                        • Instruction ID: b805f8df3437f74f69c3cd89fdcf0b9a7f4eef7bfaa31677a98f8f0841abbd4d
                                                        • Opcode Fuzzy Hash: cba64454b93f73cbfca710545e44064c31765ee4c582bda540e9a05072c16581
                                                        • Instruction Fuzzy Hash: 56314D75A005049FDB24DF68C884FAA7BE4EF45306F1480A9E805DB396DB71EDC6CB91
                                                        APIs
                                                        • CreateMenu.USER32 ref: 00BE3C79
                                                        • SetMenu.USER32(?,00000000), ref: 00BE3C88
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BE3D10
                                                        • IsMenu.USER32(?), ref: 00BE3D24
                                                        • CreatePopupMenu.USER32 ref: 00BE3D2E
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00BE3D5B
                                                        • DrawMenuBar.USER32 ref: 00BE3D63
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                        • String ID: 0$F
                                                        • API String ID: 161812096-3044882817
                                                        • Opcode ID: 51cae04dba20fd621a320c2b9a6102e11d03248ddf0390ab86e89e0787b9645e
                                                        • Instruction ID: 79b1464556ac37ec2ad91a120d81f3bc2835eb9b54da5a6601578cd2978bebd9
                                                        • Opcode Fuzzy Hash: 51cae04dba20fd621a320c2b9a6102e11d03248ddf0390ab86e89e0787b9645e
                                                        • Instruction Fuzzy Hash: 74418778A01349AFDB24CF65D888BAA7BF5FF49310F144168E916AB360D730AA11CF90
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00BB1F64
                                                        • GetDlgCtrlID.USER32 ref: 00BB1F6F
                                                        • GetParent.USER32 ref: 00BB1F8B
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BB1F8E
                                                        • GetDlgCtrlID.USER32(?), ref: 00BB1F97
                                                        • GetParent.USER32(?), ref: 00BB1FAB
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BB1FAE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 711023334-1403004172
                                                        • Opcode ID: 97b5ae51353e723eb4d3f8be2da7f3b7c3650d22dfcf5076fcada8d7f1de8c0a
                                                        • Instruction ID: 18d987b1158f9d5986d865ac8214ef4f5cfd9ee40f9a188e7d4245a17a5321e1
                                                        • Opcode Fuzzy Hash: 97b5ae51353e723eb4d3f8be2da7f3b7c3650d22dfcf5076fcada8d7f1de8c0a
                                                        • Instruction Fuzzy Hash: 0F21DE74900214FFCF00AFA4CC95AFEBBF8EF1A340F504595B961A72A1CB745909DB60
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00BB2043
                                                        • GetDlgCtrlID.USER32 ref: 00BB204E
                                                        • GetParent.USER32 ref: 00BB206A
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BB206D
                                                        • GetDlgCtrlID.USER32(?), ref: 00BB2076
                                                        • GetParent.USER32(?), ref: 00BB208A
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BB208D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 711023334-1403004172
                                                        • Opcode ID: 37943cbdb68f096031459c9f2a0d0b55f2065c0aa080c7831fafecc256183277
                                                        • Instruction ID: 28f001e42ecbb8170fb3839af6cd67248ef49456d56d28b9f783785028b3b010
                                                        • Opcode Fuzzy Hash: 37943cbdb68f096031459c9f2a0d0b55f2065c0aa080c7831fafecc256183277
                                                        • Instruction Fuzzy Hash: B621CF75900218BFCF10AFA4CC85EFEBFF8EF09340F500495B951A71A1CAB98959DB60
                                                        APIs
                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00BE3A9D
                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00BE3AA0
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE3AC7
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00BE3AEA
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00BE3B62
                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00BE3BAC
                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00BE3BC7
                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00BE3BE2
                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00BE3BF6
                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00BE3C13
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$LongWindow
                                                        • String ID:
                                                        • API String ID: 312131281-0
                                                        • Opcode ID: 84bb588151a0a1d18f3cffa6ad84779ee452441cda172f08254f8fb19cb5d0c7
                                                        • Instruction ID: 76f6d3eb4e9e85346f2c383eaa61be03f306ccb8c4942da5f2248ae4ec6e4905
                                                        • Opcode Fuzzy Hash: 84bb588151a0a1d18f3cffa6ad84779ee452441cda172f08254f8fb19cb5d0c7
                                                        • Instruction Fuzzy Hash: D4615875900248AFDB20DFA8CC85EEE77F8EF09710F144199FA15A72A1C770AA86DB50
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00BBB151
                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB165
                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 00BBB16C
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB17B
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00BBB18D
                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB1A6
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB1B8
                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB1FD
                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB212
                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00BBA1E1,?,00000001), ref: 00BBB21D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                        • String ID:
                                                        • API String ID: 2156557900-0
                                                        • Opcode ID: 2d58713e86f7d44b16e323eb2a192f6b3dd0f7384c0d3d0d3412d0264358e0ca
                                                        • Instruction ID: 6464ab15e595a7be994d19c3b27908d9b687bc30a5b3dee137ee9d35d8e05bb3
                                                        • Opcode Fuzzy Hash: 2d58713e86f7d44b16e323eb2a192f6b3dd0f7384c0d3d0d3412d0264358e0ca
                                                        • Instruction Fuzzy Hash: 0E317871620244AFDB209F24DC88FBE7FA9EB51311F204049FA11EB190DBF89E428F60
                                                        APIs
                                                        • _free.LIBCMT ref: 00B82C94
                                                          • Part of subcall function 00B829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000), ref: 00B829DE
                                                          • Part of subcall function 00B829C8: GetLastError.KERNEL32(00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000,00000000), ref: 00B829F0
                                                        • _free.LIBCMT ref: 00B82CA0
                                                        • _free.LIBCMT ref: 00B82CAB
                                                        • _free.LIBCMT ref: 00B82CB6
                                                        • _free.LIBCMT ref: 00B82CC1
                                                        • _free.LIBCMT ref: 00B82CCC
                                                        • _free.LIBCMT ref: 00B82CD7
                                                        • _free.LIBCMT ref: 00B82CE2
                                                        • _free.LIBCMT ref: 00B82CED
                                                        • _free.LIBCMT ref: 00B82CFB
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: cd7c7dc019522607e12fb77e05cff7de05b66c14333ea6abcb9a748c47ceda8f
                                                        • Instruction ID: 99db0a59f9512cd87ef1f3b668c40559fe26ee6b2c7fc556ad275afcb72f60a1
                                                        • Opcode Fuzzy Hash: cd7c7dc019522607e12fb77e05cff7de05b66c14333ea6abcb9a748c47ceda8f
                                                        • Instruction Fuzzy Hash: E8116F76500108AFCB02FF94D982CDD3BA9FF05350F9245A5FA489B332DA35EA50DB90
                                                        APIs
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BC7FAD
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC7FC1
                                                        • GetFileAttributesW.KERNEL32(?), ref: 00BC7FEB
                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00BC8005
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC8017
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BC8060
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BC80B0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectory$AttributesFile
                                                        • String ID: *.*
                                                        • API String ID: 769691225-438819550
                                                        • Opcode ID: 8de5c916b92a9bd2fd0ef72fa134853087c1e8db904b793a94753cc2fff61f81
                                                        • Instruction ID: faea0083214b9d74eee6e0de1d66f5d6dcdc9df53f4d7b3846738f5e301493e8
                                                        • Opcode Fuzzy Hash: 8de5c916b92a9bd2fd0ef72fa134853087c1e8db904b793a94753cc2fff61f81
                                                        • Instruction Fuzzy Hash: 5A818F725482429BCB20DF14C884FAAB7E9FB85350F1448DEF889D7250EB34DD498B92
                                                        APIs
                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00B55C7A
                                                          • Part of subcall function 00B55D0A: GetClientRect.USER32(?,?), ref: 00B55D30
                                                          • Part of subcall function 00B55D0A: GetWindowRect.USER32(?,?), ref: 00B55D71
                                                          • Part of subcall function 00B55D0A: ScreenToClient.USER32(?,?), ref: 00B55D99
                                                        • GetDC.USER32 ref: 00B946F5
                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00B94708
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B94716
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B9472B
                                                        • ReleaseDC.USER32(?,00000000), ref: 00B94733
                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00B947C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                        • String ID: U
                                                        • API String ID: 4009187628-3372436214
                                                        • Opcode ID: ee0e13ab00bd411b720fd186888167da7c0673de4050fd024513c0d10978352d
                                                        • Instruction ID: 1895cb8be75472987fb29da207a9a2e54df05f818acf9b901568624dfc8e9d2b
                                                        • Opcode Fuzzy Hash: ee0e13ab00bd411b720fd186888167da7c0673de4050fd024513c0d10978352d
                                                        • Instruction Fuzzy Hash: D671AC31400209DFCF218FA4C984EAA3BF5EF4A366F1842F9ED555A2A6C7359C42DB60
                                                        APIs
                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00BC35E4
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • LoadStringW.USER32(00C22390,?,00000FFF,?), ref: 00BC360A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LoadString$_wcslen
                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                        • API String ID: 4099089115-2391861430
                                                        • Opcode ID: 6df7ebb5f3bf99bb4ee46941ed38a1f3fc8fbeae3c92e936f943136e17cfa621
                                                        • Instruction ID: f1825bc6b2e77cfcdd1d45f3b907f0ff2ba40694e302a354d607c030068a10c2
                                                        • Opcode Fuzzy Hash: 6df7ebb5f3bf99bb4ee46941ed38a1f3fc8fbeae3c92e936f943136e17cfa621
                                                        • Instruction Fuzzy Hash: 97516D72900209BACF14EBA0CC42FEDBBF5EF14741F5441E5F905721A1EB311A99DBA4
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                          • Part of subcall function 00B6912D: GetCursorPos.USER32(?), ref: 00B69141
                                                          • Part of subcall function 00B6912D: ScreenToClient.USER32(00000000,?), ref: 00B6915E
                                                          • Part of subcall function 00B6912D: GetAsyncKeyState.USER32(00000001), ref: 00B69183
                                                          • Part of subcall function 00B6912D: GetAsyncKeyState.USER32(00000002), ref: 00B6919D
                                                        • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00BE8B6B
                                                        • ImageList_EndDrag.COMCTL32 ref: 00BE8B71
                                                        • ReleaseCapture.USER32 ref: 00BE8B77
                                                        • SetWindowTextW.USER32(?,00000000), ref: 00BE8C12
                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00BE8C25
                                                        • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00BE8CFF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                        • API String ID: 1924731296-2107944366
                                                        • Opcode ID: aa8e7f499e7878bf1898d34b237e64463b8b3e7296d57e8979165c2fbea2dfad
                                                        • Instruction ID: c0a20a65d188c09a4d8ec4418b0ac96b2cd616b2134a51f82c4d95ae129c10ca
                                                        • Opcode Fuzzy Hash: aa8e7f499e7878bf1898d34b237e64463b8b3e7296d57e8979165c2fbea2dfad
                                                        • Instruction Fuzzy Hash: 4151AC70104340AFD710EF24DC96BAE7BE4FB89714F1006ADF956A72E1CB709949CB62
                                                        APIs
                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BCC272
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BCC29A
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BCC2CA
                                                        • GetLastError.KERNEL32 ref: 00BCC322
                                                        • SetEvent.KERNEL32(?), ref: 00BCC336
                                                        • InternetCloseHandle.WININET(00000000), ref: 00BCC341
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                        • String ID:
                                                        • API String ID: 3113390036-3916222277
                                                        • Opcode ID: 95f973fa79197e961db500f5a0fcce2e7955e371c373836855847248a97eeca4
                                                        • Instruction ID: cf5b65d09ad1aa44d9b68121e100736a3e5179740c31ec331292895528bbda69
                                                        • Opcode Fuzzy Hash: 95f973fa79197e961db500f5a0fcce2e7955e371c373836855847248a97eeca4
                                                        • Instruction Fuzzy Hash: 7E319AB1600248AFD7219FA49C88FAB7FFCEBA9740B14855EF44AD7201DB30ED458B65
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00B93AAF,?,?,Bad directive syntax error,00BECC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00BB98BC
                                                        • LoadStringW.USER32(00000000,?,00B93AAF,?), ref: 00BB98C3
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00BB9987
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                        • API String ID: 858772685-4153970271
                                                        • Opcode ID: 52051f3456a991cf9361df309b92e5742fa935f837af884ecad1198658114b33
                                                        • Instruction ID: 1cfe067c137d13b27edc081453312bef0d769f399e484c716be04e103ba039d5
                                                        • Opcode Fuzzy Hash: 52051f3456a991cf9361df309b92e5742fa935f837af884ecad1198658114b33
                                                        • Instruction Fuzzy Hash: 1A218B3280021EEBCF11AF90CC46EFE77B5FF19701F0844A9FA15660A2EB719A58DB10
                                                        APIs
                                                        • GetParent.USER32 ref: 00BB20AB
                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00BB20C0
                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00BB214D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameParentSend
                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                        • API String ID: 1290815626-3381328864
                                                        • Opcode ID: 2a7553fbef2416c2030673d2316d12b7222e7ae59a8255587b0e1d4394d64d8a
                                                        • Instruction ID: b53faf6f79e5042a027de827c2f5ee2ce28db62586cc341d989d5031abd86bba
                                                        • Opcode Fuzzy Hash: 2a7553fbef2416c2030673d2316d12b7222e7ae59a8255587b0e1d4394d64d8a
                                                        • Instruction Fuzzy Hash: 33110676688706BBFA012324DC06DF737DCCB45325B2040A6FB08F60D1EFE568426A14
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eaa39cc04d70f54606a5239377b3542eb87b09829dc0b6a1c1049c3d922d6bdc
                                                        • Instruction ID: b85ac507f92c73478d51727b8bd9f4e54e2b1347ecad6165bf23010bbdc40422
                                                        • Opcode Fuzzy Hash: eaa39cc04d70f54606a5239377b3542eb87b09829dc0b6a1c1049c3d922d6bdc
                                                        • Instruction Fuzzy Hash: 7BC1A174904249AFDF21EFA8D881BBDBBF0AF09310F1841D9F955A73A2C7349941CB65
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                        • String ID:
                                                        • API String ID: 1282221369-0
                                                        • Opcode ID: ab843d620bb4c8f054e545feaa3666a29ebadda8a218b381052dd3b14fe152b4
                                                        • Instruction ID: ebdb9c882eb0b4e7b4abf0a4659f8df51b9743b441fcf20a1dcdc95ca807742f
                                                        • Opcode Fuzzy Hash: ab843d620bb4c8f054e545feaa3666a29ebadda8a218b381052dd3b14fe152b4
                                                        • Instruction Fuzzy Hash: F961F4B1905201ABEB21BFB49891B6D7FE5EF05310F1441EFFA44A72A2D6359D06C760
                                                        APIs
                                                        • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00BE5186
                                                        • ShowWindow.USER32(?,00000000), ref: 00BE51C7
                                                        • ShowWindow.USER32(?,00000005,?,00000000), ref: 00BE51CD
                                                        • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00BE51D1
                                                          • Part of subcall function 00BE6FBA: DeleteObject.GDI32(00000000), ref: 00BE6FE6
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE520D
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BE521A
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00BE524D
                                                        • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00BE5287
                                                        • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00BE5296
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                        • String ID:
                                                        • API String ID: 3210457359-0
                                                        • Opcode ID: 84a67dfbf37022bdbff1211bb3ab626f4b5ddcfbbc1e7279c03e006a57842327
                                                        • Instruction ID: e9eed209b79bc9e924f31644f479b1a26cd62fac5d2d7f42e37de1eaf5b21a93
                                                        • Opcode Fuzzy Hash: 84a67dfbf37022bdbff1211bb3ab626f4b5ddcfbbc1e7279c03e006a57842327
                                                        • Instruction Fuzzy Hash: D451B730A50A88BFEF309F26CC85BD93BE5FB05329F148191FA15AA2E1C7759980DB41
                                                        APIs
                                                        • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00BA6890
                                                        • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00BA68A9
                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00BA68B9
                                                        • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00BA68D1
                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00BA68F2
                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B68874,00000000,00000000,00000000,000000FF,00000000), ref: 00BA6901
                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00BA691E
                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B68874,00000000,00000000,00000000,000000FF,00000000), ref: 00BA692D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                        • String ID:
                                                        • API String ID: 1268354404-0
                                                        • Opcode ID: 19499fee3f26afa3cead1dd8fdfc936bf2cd67c8b5a1566aa9efc6cd204b91f3
                                                        • Instruction ID: 07ec1ad5ea61e34c538d087df839f8cc5e764668c68ec648eada79d72de31a80
                                                        • Opcode Fuzzy Hash: 19499fee3f26afa3cead1dd8fdfc936bf2cd67c8b5a1566aa9efc6cd204b91f3
                                                        • Instruction Fuzzy Hash: 6551A8B0600209EFDB20CF24CC95FAA3BF5FB58760F184658F9169B2A0DB75E981DB40
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BCC182
                                                        • GetLastError.KERNEL32 ref: 00BCC195
                                                        • SetEvent.KERNEL32(?), ref: 00BCC1A9
                                                          • Part of subcall function 00BCC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BCC272
                                                          • Part of subcall function 00BCC253: GetLastError.KERNEL32 ref: 00BCC322
                                                          • Part of subcall function 00BCC253: SetEvent.KERNEL32(?), ref: 00BCC336
                                                          • Part of subcall function 00BCC253: InternetCloseHandle.WININET(00000000), ref: 00BCC341
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                        • String ID:
                                                        • API String ID: 337547030-0
                                                        • Opcode ID: 7f4266da5b171aac316d6942ed28a9682e2417b3f9242a0c18d67b438eb4caed
                                                        • Instruction ID: 306098acff297d6cdc638ca59010b20025a1739ea63b151581eb4af6f8041f78
                                                        • Opcode Fuzzy Hash: 7f4266da5b171aac316d6942ed28a9682e2417b3f9242a0c18d67b438eb4caed
                                                        • Instruction Fuzzy Hash: 23318B71600645AFDB219FA5DC84F66BFF9FF28300B04846DF95A9B610DB30E815ABA0
                                                        APIs
                                                          • Part of subcall function 00BB3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BB3A57
                                                          • Part of subcall function 00BB3A3D: GetCurrentThreadId.KERNEL32 ref: 00BB3A5E
                                                          • Part of subcall function 00BB3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BB25B3), ref: 00BB3A65
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00BB25BD
                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00BB25DB
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00BB25DF
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00BB25E9
                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00BB2601
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00BB2605
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00BB260F
                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00BB2623
                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00BB2627
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                        • String ID:
                                                        • API String ID: 2014098862-0
                                                        • Opcode ID: 80ef10418c56f0b2f661645d71b7a27833b771c99d196da4e89284158530109a
                                                        • Instruction ID: 227d1f62d585d5402b20809dd46f1d08fb672a4b23e1bbdc06af129472f7d651
                                                        • Opcode Fuzzy Hash: 80ef10418c56f0b2f661645d71b7a27833b771c99d196da4e89284158530109a
                                                        • Instruction Fuzzy Hash: 5F01D830390250BBFB1067699CCAFA93F99DB4EB12F200011F314AF0D1CDE114458A6A
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00BB1449,?,?,00000000), ref: 00BB180C
                                                        • HeapAlloc.KERNEL32(00000000,?,00BB1449,?,?,00000000), ref: 00BB1813
                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00BB1449,?,?,00000000), ref: 00BB1828
                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00BB1449,?,?,00000000), ref: 00BB1830
                                                        • DuplicateHandle.KERNEL32(00000000,?,00BB1449,?,?,00000000), ref: 00BB1833
                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00BB1449,?,?,00000000), ref: 00BB1843
                                                        • GetCurrentProcess.KERNEL32(00BB1449,00000000,?,00BB1449,?,?,00000000), ref: 00BB184B
                                                        • DuplicateHandle.KERNEL32(00000000,?,00BB1449,?,?,00000000), ref: 00BB184E
                                                        • CreateThread.KERNEL32(00000000,00000000,00BB1874,00000000,00000000,00000000), ref: 00BB1868
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                         • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                        • String ID:
                                                        • API String ID: 1957940570-0
                                                        • Opcode ID: ec9a4cb0b46608589f0c10fb39bde24bc0446d179a22ef1d6af50b4defd74ffb
                                                        • Instruction ID: bdc5a3dc1031fa04d7ee0ceddbfb38fac958dae5d5e3476e61dd927b9b391807
                                                        • Opcode Fuzzy Hash: ec9a4cb0b46608589f0c10fb39bde24bc0446d179a22ef1d6af50b4defd74ffb
                                                        • Instruction Fuzzy Hash: 0801BBB5240348BFE710ABA5DC8DF6B3FACEB89B11F504511FA05DF1A1CA709801CB21
                                                        APIs
                                                          • Part of subcall function 00BBD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00BBD501
                                                          • Part of subcall function 00BBD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00BBD50F
                                                          • Part of subcall function 00BBD4DC: CloseHandle.KERNEL32(00000000), ref: 00BBD5DC
                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BDA16D
                                                        • GetLastError.KERNEL32 ref: 00BDA180
                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BDA1B3
                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00BDA268
                                                        • GetLastError.KERNEL32(00000000), ref: 00BDA273
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BDA2C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                        • String ID: SeDebugPrivilege
                                                        • API String ID: 2533919879-2896544425
                                                        • Opcode ID: 5ddd8cda4c0098b575c0d198cd41d9d00ad20161d7bd1692746442a45f52fab4
                                                        • Instruction ID: 1e6c51dad86c65a9ed33d03c3d3063b02eb4c6cf6a63c1977625ce48f8ee4e5c
                                                        • Opcode Fuzzy Hash: 5ddd8cda4c0098b575c0d198cd41d9d00ad20161d7bd1692746442a45f52fab4
                                                        • Instruction Fuzzy Hash: F9617C312042429FD710DF19C894F26BBE1AF44318F5484DDE86A4B7A3D776ED49CB92
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00BE3925
                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00BE393A
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00BE3954
                                                        • _wcslen.LIBCMT ref: 00BE3999
                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00BE39C6
                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00BE39F4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window_wcslen
                                                        • String ID: SysListView32
                                                        • API String ID: 2147712094-78025650
                                                        • Opcode ID: 7793d8cd65358f3b1f51ae7133667c01f98987d5b209d2f666181d86081fea3e
                                                        • Instruction ID: 7d8a18c78d4d4eebba87979c479ff8a44576db87e02c3be85d489272e41c96e5
                                                        • Opcode Fuzzy Hash: 7793d8cd65358f3b1f51ae7133667c01f98987d5b209d2f666181d86081fea3e
                                                        • Instruction Fuzzy Hash: 9641C471A00258ABDF219F65CC89BEA7BE9EF08750F100566F959E7281D7719E80CB90
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BBBCFD
                                                        • IsMenu.USER32(00000000), ref: 00BBBD1D
                                                        • CreatePopupMenu.USER32 ref: 00BBBD53
                                                        • GetMenuItemCount.USER32(015DE9B8), ref: 00BBBDA4
                                                        • InsertMenuItemW.USER32(015DE9B8,?,00000001,00000030), ref: 00BBBDCC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                        • String ID: 0$2
                                                        • API String ID: 93392585-3793063076
                                                        • Opcode ID: ee07655d2841b69fda65bfe14dae9c321685e612e0b5b4f5962ccd13f2655342
                                                        • Instruction ID: 617a5e73f6a5cdd87c6f44e28ddd7f1de6e184d15e41148f31d98238645630ff
                                                        • Opcode Fuzzy Hash: ee07655d2841b69fda65bfe14dae9c321685e612e0b5b4f5962ccd13f2655342
                                                        • Instruction Fuzzy Hash: 92516970A04205ABDF20CFA8D8C4FFEBBE4EF55314F1446A9E4119B291D7F89941CB61
                                                        APIs
                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00BBC913
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: IconLoad
                                                        • String ID: blank$info$question$stop$warning
                                                        • API String ID: 2457776203-404129466
                                                        • Opcode ID: 1cc0ec148152e1a1b5be125c532eb451f1e3c65ab7791fab86ab36ae14546fda
                                                        • Instruction ID: f4fd3dc0d92a6d6efa43328e17809c809c48ff8eaf824be39c1f06ff51333b58
                                                        • Opcode Fuzzy Hash: 1cc0ec148152e1a1b5be125c532eb451f1e3c65ab7791fab86ab36ae14546fda
                                                        • Instruction Fuzzy Hash: 2611E732689306BBF702DB549CC2CFA6BDCDF56365B2040BAF544E62C2E7E05E4062A4
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                        • String ID: 0.0.0.0
                                                        • API String ID: 642191829-3771769585
                                                        • Opcode ID: 4c44b12f99ec48d4f10e08a7c04c3049702c829b11613481ff2cb109cddc3ce9
                                                        • Instruction ID: 0e12da3ede889c24b8f44af8f3d088bf6c7c20d4f57a9ad2c6e94dfad6ad901a
                                                        • Opcode Fuzzy Hash: 4c44b12f99ec48d4f10e08a7c04c3049702c829b11613481ff2cb109cddc3ce9
                                                        • Instruction Fuzzy Hash: 5411E431904204AFDB20AB20DC8AEFE7BECDF11711F0001E9F519AB091FFB5CA828A50
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • GetSystemMetrics.USER32(0000000F), ref: 00BE9FC7
                                                        • GetSystemMetrics.USER32(0000000F), ref: 00BE9FE7
                                                        • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00BEA224
                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00BEA242
                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00BEA263
                                                        • ShowWindow.USER32(00000003,00000000), ref: 00BEA282
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00BEA2A7
                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 00BEA2CA
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                        • String ID:
                                                        • API String ID: 1211466189-0
                                                        • Opcode ID: 90ed4906f4578004fe131ed93942ad0e5986dc15536dbd46d4167962e7f64786
                                                        • Instruction ID: 3c3ac54e83ef88cfa0f95976f53e28178177ba39b8d0e7ed59bf3d6aa57381e8
                                                        • Opcode Fuzzy Hash: 90ed4906f4578004fe131ed93942ad0e5986dc15536dbd46d4167962e7f64786
                                                        • Instruction Fuzzy Hash: ABB1A731600255AFDF14CF6AC9C57AE7BF6FF44701F0880A9ED49AB295DB31AA40CB52
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$LocalTime
                                                        • String ID:
                                                        • API String ID: 952045576-0
                                                        • Opcode ID: 1e3ac667b1b2fb42d90284861b31a2d11e78558b66bb863fa88176221dc8c650
                                                        • Instruction ID: 42e9e950f490e6acae549e996dcfcd0681ad94a7715bf31338a78669b8cf2750
                                                        • Opcode Fuzzy Hash: 1e3ac667b1b2fb42d90284861b31a2d11e78558b66bb863fa88176221dc8c650
                                                        • Instruction Fuzzy Hash: 7041D365C102187ACB51EBF4C88A9DFB7F8AF45300F00C5A6E528E3122FB34E645C3A6
                                                        APIs
                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00BA682C,00000004,00000000,00000000), ref: 00B6F953
                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00BA682C,00000004,00000000,00000000), ref: 00BAF3D1
                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00BA682C,00000004,00000000,00000000), ref: 00BAF454
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ShowWindow
                                                        • String ID:
                                                        • API String ID: 1268545403-0
                                                        • Opcode ID: de605f5b04e35572db40489fae705fdc2295377b5b9e2eb062a24f9a63a3bb48
                                                        • Instruction ID: 3a73c8b1f65c88b2f684c1c1b51e696cd65c0b6744c9e41edce3e00d5d968e97
                                                        • Opcode Fuzzy Hash: de605f5b04e35572db40489fae705fdc2295377b5b9e2eb062a24f9a63a3bb48
                                                        • Instruction Fuzzy Hash: 36412C31508782BADB389B69E8C877A7FE1EB57314F1444BCE497576E0CA39D881C711
                                                        APIs
                                                        • DeleteObject.GDI32(00000000), ref: 00BE2D1B
                                                        • GetDC.USER32(00000000), ref: 00BE2D23
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BE2D2E
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00BE2D3A
                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00BE2D76
                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BE2D87
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00BE5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00BE2DC2
                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00BE2DE1
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                        • String ID:
                                                        • API String ID: 3864802216-0
                                                        • Opcode ID: 320188eda2f526893463e885f4a8e190a4cd30b0872bc6bd132b78f5250490ab
                                                        • Instruction ID: 446401961345d6aae556943531367469e0105398966a037cddd8eec501d0c3c4
                                                        • Opcode Fuzzy Hash: 320188eda2f526893463e885f4a8e190a4cd30b0872bc6bd132b78f5250490ab
                                                        • Instruction Fuzzy Hash: BE315A72201294BFEB118F558C8AFAB3FADEB49715F044065FE089B291CA759C51CBA4
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: b71b40c676c618ff8ba03c3221419e7e0f3302595fb9b8d2643dbb509527df65
                                                        • Instruction ID: e353e65a663349293536faaf64aa647f914374d2d75e9116bbe13b7cd4825fa7
                                                        • Opcode Fuzzy Hash: b71b40c676c618ff8ba03c3221419e7e0f3302595fb9b8d2643dbb509527df65
                                                        • Instruction Fuzzy Hash: FE21CF717409097BE6245D255D82FFA33DCEF21384F5444E0FD055A681F7A0EE1181B6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                        • API String ID: 0-572801152
                                                        • Opcode ID: 3476e4e496f007b35d6ce8d6d48aadd663b4d922f1f0be822ff2243d70e1c974
                                                        • Instruction ID: 3e4e368109553927fea77d1414b36093597aa356a29a436bd11157e4717685f7
                                                        • Opcode Fuzzy Hash: 3476e4e496f007b35d6ce8d6d48aadd663b4d922f1f0be822ff2243d70e1c974
                                                        • Instruction Fuzzy Hash: 4ED17E71A0060A9FDB24CF98C881BAEB7F5FF48354F1481AAE915AB381E770DD45CB50
                                                        APIs
                                                        • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00B917FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00B915CE
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B91651
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00B917FB,?,00B917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B916E4
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B916FB
                                                          • Part of subcall function 00B83820: RtlAllocateHeap.NTDLL(00000000,?,00C21444,?,00B6FDF5,?,?,00B5A976,00000010,00C21440,00B513FC,?,00B513C6,?,00B51129), ref: 00B83852
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00B917FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B91777
                                                        • __freea.LIBCMT ref: 00B917A2
                                                        • __freea.LIBCMT ref: 00B917AE
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                        • String ID:
                                                        • API String ID: 2829977744-0
                                                        • Opcode ID: 54db0ccb9b063d2df4988797d77b1b5c02baebe72965aa1ff7448786e4aec19e
                                                        • Instruction ID: c4a4fa36be0a2ca1e5ad7b788bb9b4f292d68adb40bc245de596a2279bfd5a9b
                                                        • Opcode Fuzzy Hash: 54db0ccb9b063d2df4988797d77b1b5c02baebe72965aa1ff7448786e4aec19e
                                                        • Instruction Fuzzy Hash: F491D672E002179ADF208EB8C881AEE7BF5DF59710F1A4AB9E801E7191DB35CC40D760
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: Variant$ClearInit
                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                        • API String ID: 2610073882-625585964
                                                        • Opcode ID: c6a4cb3f08530aa7192e1907ebfe815c16a6965b54c30c00104af3618e0631e8
                                                        • Instruction ID: f6d55b32882c3929d728021e436115da8626e4d407f60bc642b33d63b7f502a0
                                                        • Opcode Fuzzy Hash: c6a4cb3f08530aa7192e1907ebfe815c16a6965b54c30c00104af3618e0631e8
                                                        • Instruction Fuzzy Hash: 95915171A00215ABDF24CFA5D884FAEBBF8EF46714F10859AF515AB280E7709D45CFA0
                                                        APIs
                                                        • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00BC125C
                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00BC1284
                                                        • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00BC12A8
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BC12D8
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BC135F
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BC13C4
                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BC1430
                                                        Similarity
                                                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                        • String ID:
                                                        • API String ID: 2550207440-0
                                                        • Opcode ID: b6f1b6536ad5640458792bf6e3395d0c1eeecbb7c295a7a514bab4affd35e1bb
                                                        • Instruction ID: e5033b33787a5c050cbbd2de1997ef1803f29a0f11415c101e3abc18f9648871
                                                        • Opcode Fuzzy Hash: b6f1b6536ad5640458792bf6e3395d0c1eeecbb7c295a7a514bab4affd35e1bb
                                                        • Instruction Fuzzy Hash: 5E91EE75A00209AFDB00DF98C884FBEB7F5FF46315F1088A9E910EB292D774A941CB90
                                                        Similarity
                                                        • API ID: ObjectSelect$BeginCreatePath
                                                        • String ID:
                                                        • API String ID: 3225163088-0
                                                        • Opcode ID: f712b5c2c722ff681cddff14ceb6dd74594654539b56c7dd58697989bf028f0f
                                                        • Instruction ID: 0ce8274bc5b32250a8ccc970ddc941f755da662b2159b4a2c9215f5f2dac58dc
                                                        • Opcode Fuzzy Hash: f712b5c2c722ff681cddff14ceb6dd74594654539b56c7dd58697989bf028f0f
                                                        • Instruction Fuzzy Hash: 91911571944219EFCB10CFA9CC84AEEBBF8FF49320F144599E516B7251D778AA42CB60
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00BD396B
                                                        • CharUpperBuffW.USER32(?,?), ref: 00BD3A7A
                                                        • _wcslen.LIBCMT ref: 00BD3A8A
                                                        • VariantClear.OLEAUT32(?), ref: 00BD3C1F
                                                          • Part of subcall function 00BC0CDF: VariantInit.OLEAUT32(00000000), ref: 00BC0D1F
                                                          • Part of subcall function 00BC0CDF: VariantCopy.OLEAUT32(?,?), ref: 00BC0D28
                                                          • Part of subcall function 00BC0CDF: VariantClear.OLEAUT32(?), ref: 00BC0D34
                                                        Strings
                                                        Similarity
                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                        • API String ID: 4137639002-1221869570
                                                        • Opcode ID: f9ee022756522dbd1b88b2c3d37e23d0b269ba7835ecd90ee238968b8bc0ad98
                                                        • Instruction ID: c00b22299429796afd598c6484b0821fb8c80ca4fbf410318deecbce165a791b
                                                        • Opcode Fuzzy Hash: f9ee022756522dbd1b88b2c3d37e23d0b269ba7835ecd90ee238968b8bc0ad98
                                                        • Instruction Fuzzy Hash: 689148756083059FC704DF24C49196AB7E4FF89714F1489AEF88A9B352EB30EE45CB92
                                                        APIs
                                                          • Part of subcall function 00BB000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?,?,00BB035E), ref: 00BB002B
                                                          • Part of subcall function 00BB000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?), ref: 00BB0046
                                                          • Part of subcall function 00BB000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?), ref: 00BB0054
                                                          • Part of subcall function 00BB000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?), ref: 00BB0064
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00BD4C51
                                                        • _wcslen.LIBCMT ref: 00BD4D59
                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00BD4DCF
                                                        • CoTaskMemFree.OLE32(?), ref: 00BD4DDA
                                                        Strings
                                                        Similarity
                                                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                        • String ID: NULL Pointer assignment
                                                        • API String ID: 614568839-2785691316
                                                        • Opcode ID: 8faf346eb7f90e0e28ef313d2dbf30b60eca59ded0387633c265f98ed85e906c
                                                        • Instruction ID: 51b06e4a9325b95ac07ca22fe161a64a9c7135610d49fb584a4249108ce007e8
                                                        • Opcode Fuzzy Hash: 8faf346eb7f90e0e28ef313d2dbf30b60eca59ded0387633c265f98ed85e906c
                                                        • Instruction Fuzzy Hash: B391E771D00219EFDF14DFA4D891AEEB7B9FF08310F1085AAE919A7251EB709A458F60
                                                        APIs
                                                        • GetMenu.USER32(?), ref: 00BE2183
                                                        • GetMenuItemCount.USER32(00000000), ref: 00BE21B5
                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00BE21DD
                                                        • _wcslen.LIBCMT ref: 00BE2213
                                                        • GetMenuItemID.USER32(?,?), ref: 00BE224D
                                                        • GetSubMenu.USER32(?,?), ref: 00BE225B
                                                          • Part of subcall function 00BB3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BB3A57
                                                          • Part of subcall function 00BB3A3D: GetCurrentThreadId.KERNEL32 ref: 00BB3A5E
                                                          • Part of subcall function 00BB3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BB25B3), ref: 00BB3A65
                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00BE22E3
                                                          • Part of subcall function 00BBE97B: Sleep.KERNEL32 ref: 00BBE9F3
                                                        Similarity
                                                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                        • String ID:
                                                        • API String ID: 4196846111-0
                                                        • Opcode ID: 313556f265976566bb93a1381036a3b600c8a7bed73432c1938e529fcbdd3977
                                                        • Instruction ID: d3169d5d5461cc75e6f63b140bb733be638399a0ffdeed2163c27ec4d2139afb
                                                        • Opcode Fuzzy Hash: 313556f265976566bb93a1381036a3b600c8a7bed73432c1938e529fcbdd3977
                                                        • Instruction Fuzzy Hash: 36717D75A00245AFCB10DF65C885AAEBBF9EF48310F1484D9E916EB351DB34EE418B91
                                                        APIs
                                                        • IsWindow.USER32(015DEC88), ref: 00BE7F37
                                                        • IsWindowEnabled.USER32(015DEC88), ref: 00BE7F43
                                                        • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00BE801E
                                                        • SendMessageW.USER32(015DEC88,000000B0,?,?), ref: 00BE8051
                                                        • IsDlgButtonChecked.USER32(?,?), ref: 00BE8089
                                                        • GetWindowLongW.USER32(015DEC88,000000EC), ref: 00BE80AB
                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00BE80C3
                                                        Similarity
                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                        • String ID:
                                                        • API String ID: 4072528602-0
                                                        • Opcode ID: 11bc9e041c8a3a0800649bb67b709e8cd2b9512add0e7351d2b794bf0674acc3
                                                        • Instruction ID: 2a7d87925a381d92f951af0570060744d736e28d292e4ec487b3f09f52692f6c
                                                        • Opcode Fuzzy Hash: 11bc9e041c8a3a0800649bb67b709e8cd2b9512add0e7351d2b794bf0674acc3
                                                        • Instruction Fuzzy Hash: 6B71AD346486C4AFEF259F66C8C4FAA7BF9EF19300F140499E94597262CF31AC45DB90
                                                        APIs
                                                        • GetParent.USER32(?), ref: 00BBAEF9
                                                        • GetKeyboardState.USER32(?), ref: 00BBAF0E
                                                        • SetKeyboardState.USER32(?), ref: 00BBAF6F
                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00BBAF9D
                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00BBAFBC
                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00BBAFFD
                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00BBB020
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        • Opcode ID: 972a3327aec59955dc49d511ae039b26afcf40add531f703256dcc5a62c23ad3
                                                        • Instruction ID: d1e3a48dc3044c0c8beaf3702af966a8659e36308e148b65b1d7920fcfb61bc5
                                                        • Opcode Fuzzy Hash: 972a3327aec59955dc49d511ae039b26afcf40add531f703256dcc5a62c23ad3
                                                        • Instruction Fuzzy Hash: 8651A0A0A046D53EFB365234C845BFABEE99B06304F0885C9E1D9968C2C7D9E888D751
                                                        APIs
                                                        • GetParent.USER32(00000000), ref: 00BBAD19
                                                        • GetKeyboardState.USER32(?), ref: 00BBAD2E
                                                        • SetKeyboardState.USER32(?), ref: 00BBAD8F
                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00BBADBB
                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00BBADD8
                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00BBAE17
                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00BBAE38
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        • Opcode ID: 6c891177be391149ed8d8b6a18432777baef395299430fccbe695e76445d2281
                                                        • Instruction ID: daf987673068109a44c69e127ffa45ae6f7e0592cba75805ced52bab621af225
                                                        • Opcode Fuzzy Hash: 6c891177be391149ed8d8b6a18432777baef395299430fccbe695e76445d2281
                                                        • Instruction Fuzzy Hash: 0F51D2A19047D53EFB338324CC95BFABEE99B46300F0885D8E1D55A8C2C6D4EC88D762
                                                        APIs
                                                        • GetConsoleCP.KERNEL32(00B93CD6,?,?,?,?,?,?,?,?,00B85BA3,?,?,00B93CD6,?,?), ref: 00B85470
                                                        • __fassign.LIBCMT ref: 00B854EB
                                                        • __fassign.LIBCMT ref: 00B85506
                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00B93CD6,00000005,00000000,00000000), ref: 00B8552C
                                                        • WriteFile.KERNEL32(?,00B93CD6,00000000,00B85BA3,00000000,?,?,?,?,?,?,?,?,?,00B85BA3,?), ref: 00B8554B
                                                        • WriteFile.KERNEL32(?,?,00000001,00B85BA3,00000000,?,?,?,?,?,?,?,?,?,00B85BA3,?), ref: 00B85584
                                                        Similarity
                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                        • String ID:
                                                        • API String ID: 1324828854-0
                                                        • Opcode ID: 80f73c66cf6f5dc7c5dad6d5b5871d211b276f30d4289211b79f4a29705cfe9f
                                                        • Instruction ID: b053c323e01aea0521ea11ee60af0e4cdbc5e5ad45e80064be0806d99b6abf19
                                                        • Opcode Fuzzy Hash: 80f73c66cf6f5dc7c5dad6d5b5871d211b276f30d4289211b79f4a29705cfe9f
                                                        • Instruction Fuzzy Hash: A551C571A006499FDB20DFA8D885BEEBBF9EF19300F14419AF955E72A1D730DA41CB60
                                                        APIs
                                                        • _ValidateLocalCookies.LIBCMT ref: 00B72D4B
                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00B72D53
                                                        • _ValidateLocalCookies.LIBCMT ref: 00B72DE1
                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00B72E0C
                                                        • _ValidateLocalCookies.LIBCMT ref: 00B72E61
                                                        Strings
                                                        Similarity
                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                        • String ID: csm
                                                        • API String ID: 1170836740-1018135373
                                                        APIs
                                                          • Part of subcall function 00BD304E: inet_addr.WSOCK32(?), ref: 00BD307A
                                                          • Part of subcall function 00BD304E: _wcslen.LIBCMT ref: 00BD309B
                                                        • socket.WSOCK32(00000002,00000001,00000006), ref: 00BD1112
                                                        • WSAGetLastError.WSOCK32 ref: 00BD1121
                                                        • WSAGetLastError.WSOCK32 ref: 00BD11C9
                                                        • closesocket.WSOCK32(00000000), ref: 00BD11F9
                                                        Similarity
                                                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 2675159561-0
                                                        APIs
                                                          • Part of subcall function 00BBDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BBCF22,?), ref: 00BBDDFD
                                                          • Part of subcall function 00BBDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BBCF22,?), ref: 00BBDE16
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00BBCF45
                                                        • MoveFileW.KERNEL32(?,?), ref: 00BBCF7F
                                                        • _wcslen.LIBCMT ref: 00BBD005
                                                        • _wcslen.LIBCMT ref: 00BBD01B
                                                        • SHFileOperationW.SHELL32(?), ref: 00BBD061
                                                        Strings
                                                        Similarity
                                                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                        • String ID: \*.*
                                                        • API String ID: 3164238972-1173974218
                                                        APIs
                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00BE2E1C
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE2E4F
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE2E84
                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00BE2EB6
                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00BE2EE0
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE2EF1
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BE2F0B
                                                        Similarity
                                                        • API ID: LongWindow$MessageSend
                                                        • String ID:
                                                        • API String ID: 2178440468-0
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BB7769
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BB778F
                                                        • SysAllocString.OLEAUT32(00000000), ref: 00BB7792
                                                        • SysAllocString.OLEAUT32(?), ref: 00BB77B0
                                                        • SysFreeString.OLEAUT32(?), ref: 00BB77B9
                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00BB77DE
                                                        • SysAllocString.OLEAUT32(?), ref: 00BB77EC
                                                        Similarity
                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                        • String ID:
                                                        • API String ID: 3761583154-0
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BB7842
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BB7868
                                                        • SysAllocString.OLEAUT32(00000000), ref: 00BB786B
                                                        • SysAllocString.OLEAUT32 ref: 00BB788C
                                                        • SysFreeString.OLEAUT32 ref: 00BB7895
                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00BB78AF
                                                        • SysAllocString.OLEAUT32(?), ref: 00BB78BD
                                                        Similarity
                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                        • String ID:
                                                        • API String ID: 3761583154-0
                                                        APIs
                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00BC04F2
                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BC052E
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateHandlePipe
                                                        • String ID: nul
                                                        • API String ID: 1424370930-2873401336
                                                        APIs
                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00BC05C6
                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BC0601
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateHandlePipe
                                                        • String ID: nul
                                                        • API String ID: 1424370930-2873401336
                                                        APIs
                                                          • Part of subcall function 00B5600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B5604C
                                                          • Part of subcall function 00B5600E: GetStockObject.GDI32(00000011), ref: 00B56060
                                                          • Part of subcall function 00B5600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B5606A
                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00BE4112
                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00BE411F
                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00BE412A
                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00BE4139
                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00BE4145
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                        • String ID: Msctls_Progress32
                                                        • API String ID: 1025951953-3636473452
                                                        APIs
                                                          • Part of subcall function 00B8D7A3: _free.LIBCMT ref: 00B8D7CC
                                                        • _free.LIBCMT ref: 00B8D82D
                                                          • Part of subcall function 00B829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000), ref: 00B829DE
                                                          • Part of subcall function 00B829C8: GetLastError.KERNEL32(00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000,00000000), ref: 00B829F0
                                                        • _free.LIBCMT ref: 00B8D838
                                                        • _free.LIBCMT ref: 00B8D843
                                                        • _free.LIBCMT ref: 00B8D897
                                                        • _free.LIBCMT ref: 00B8D8A2
                                                        • _free.LIBCMT ref: 00B8D8AD
                                                        • _free.LIBCMT ref: 00B8D8B8
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00BBDA74
                                                        • LoadStringW.USER32(00000000), ref: 00BBDA7B
                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00BBDA91
                                                        • LoadStringW.USER32(00000000), ref: 00BBDA98
                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00BBDADC
                                                        Strings
                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00BBDAB9
                                                        Similarity
                                                        • API ID: HandleLoadModuleString$Message
                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                        • API String ID: 4072794657-3128320259
                                                        • Opcode ID: 95ec5488f11d49844151d036d9f5c9880c7610686d908d90fdca05bbc9e00307
                                                        • Instruction ID: 5b1bdcac4678ed9a163d5f07fb7ce7a68f71b9edb756149f5bf33f4d29091e82
                                                        • Opcode Fuzzy Hash: 95ec5488f11d49844151d036d9f5c9880c7610686d908d90fdca05bbc9e00307
                                                        • Instruction Fuzzy Hash: 7D0162F2500248BFEB509BA09DC9EF7776CEB08701F400495B716E7041EAB49E858F75
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(015CD4B0,015CD4B0), ref: 00BC097B
                                                        • EnterCriticalSection.KERNEL32(015CD490,00000000), ref: 00BC098D
                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 00BC099B
                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00BC09A9
                                                        • CloseHandle.KERNEL32(?), ref: 00BC09B8
                                                        • InterlockedExchange.KERNEL32(015CD4B0,000001F6), ref: 00BC09C8
                                                        • LeaveCriticalSection.KERNEL32(015CD490), ref: 00BC09CF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                        • String ID:
                                                        • API String ID: 3495660284-0
                                                        • Opcode ID: 1d28afc135ec41db1d1d6ffb8d032187c3a95b55bbaa64967e0817908024f332
                                                        • Instruction ID: 9a19b4523349edefe2ed7ec8b2bbffecfd870f656e38eb5e9d33a857861bbc09
                                                        • Opcode Fuzzy Hash: 1d28afc135ec41db1d1d6ffb8d032187c3a95b55bbaa64967e0817908024f332
                                                        • Instruction Fuzzy Hash: A5F01932442A42EBD7415BA4EEC8BD6BB29FF01702F502125F2029A8A0CB749466CF90
                                                        APIs
                                                        • __WSAFDIsSet.WSOCK32(00000000,?), ref: 00BD1DC0
                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00BD1DE1
                                                        • WSAGetLastError.WSOCK32 ref: 00BD1DF2
                                                        • htons.WSOCK32(?), ref: 00BD1EDB
                                                        • inet_ntoa.WSOCK32(?), ref: 00BD1E8C
                                                          • Part of subcall function 00BB39E8: _strlen.LIBCMT ref: 00BB39F2
                                                          • Part of subcall function 00BD3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00BCEC0C), ref: 00BD3240
                                                        • _strlen.LIBCMT ref: 00BD1F35
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                        • String ID:
                                                        • API String ID: 3203458085-0
                                                        • Opcode ID: f726c4181e1556b92df2f7743d377e28e41f6242a495042d521255ab8201428c
                                                        • Instruction ID: 7e67263bb2f35a1cb7033024c6ad0b56d7a0a721fbb5d71dec59465ab75385bd
                                                        • Opcode Fuzzy Hash: f726c4181e1556b92df2f7743d377e28e41f6242a495042d521255ab8201428c
                                                        • Instruction Fuzzy Hash: F3B17E31604340AFC324DF28C895E2ABBE5EF84318F54899DF4565B3A2EB71ED46CB91
                                                        APIs
                                                        • GetClientRect.USER32(?,?), ref: 00B55D30
                                                        • GetWindowRect.USER32(?,?), ref: 00B55D71
                                                        • ScreenToClient.USER32(?,?), ref: 00B55D99
                                                        • GetClientRect.USER32(?,?), ref: 00B55ED7
                                                        • GetWindowRect.USER32(?,?), ref: 00B55EF8
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Rect$Client$Window$Screen
                                                        • String ID:
                                                        • API String ID: 1296646539-0
                                                        • Opcode ID: dae8f2d77d8b859687cb9ac866b59ed5079059d178cb23a8efa4556dc11670d0
                                                        • Instruction ID: 6bf510c1a1022b1048a3dc8399dd60f4feba0a434e73bd8dd2ccede56541fd1c
                                                        • Opcode Fuzzy Hash: dae8f2d77d8b859687cb9ac866b59ed5079059d178cb23a8efa4556dc11670d0
                                                        • Instruction Fuzzy Hash: 53B16B35A0064ADFDF20CFA8C481BEAB7F1FF48311F14855AE8A9D7250DB30AA56DB50
                                                        APIs
                                                        • __allrem.LIBCMT ref: 00B800BA
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B800D6
                                                        • __allrem.LIBCMT ref: 00B800ED
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B8010B
                                                        • __allrem.LIBCMT ref: 00B80122
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B80140
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                        • String ID:
                                                        • API String ID: 1992179935-0
                                                        • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                        • Instruction ID: c635c2111bdb5b2be909f7431ac1969e5127615a96bc57b4ac8e6d3045d2ca4e
                                                        • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                        • Instruction Fuzzy Hash: E381F572A01B069BE720BF78CC41B6A73E8EF41374F2485BAF525DA2A1EB70D904C754
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B782D9,00B782D9,?,?,?,00B8644F,00000001,00000001,8BE85006), ref: 00B86258
                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B8644F,00000001,00000001,8BE85006,?,?,?), ref: 00B862DE
                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B863D8
                                                        • __freea.LIBCMT ref: 00B863E5
                                                          • Part of subcall function 00B83820: RtlAllocateHeap.NTDLL(00000000,?,00C21444,?,00B6FDF5,?,?,00B5A976,00000010,00C21440,00B513FC,?,00B513C6,?,00B51129), ref: 00B83852
                                                        • __freea.LIBCMT ref: 00B863EE
                                                        • __freea.LIBCMT ref: 00B86413
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1414292761-0
                                                        • Opcode ID: 0fc6456db0961a9d2d06dfe1c4d06df31c7dfa051f7c146d3926463ceced6977
                                                        • Instruction ID: bb56543e2c621d6c0b7a7959afbc521c9abc8ff99d3eef4b6c2e083d8c5cd28c
                                                        • Opcode Fuzzy Hash: 0fc6456db0961a9d2d06dfe1c4d06df31c7dfa051f7c146d3926463ceced6977
                                                        • Instruction Fuzzy Hash: E651B372A00216ABEB25AF68DC81EBF77EAEB44B50F1546A9FC05D7160EB34DC40C764
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BDB6AE,?,?), ref: 00BDC9B5
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDC9F1
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA68
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA9E
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BDBCCA
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BDBD25
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BDBD6A
                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00BDBD99
                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00BDBDF3
                                                        • RegCloseKey.ADVAPI32(?), ref: 00BDBDFF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                        • String ID:
                                                        • API String ID: 1120388591-0
                                                        • Opcode ID: c8345e52431df0b0151976d82646782a3d9bcccd2689da7600210834a1f36a27
                                                        • Instruction ID: 8d163120191b720c17427c6ea64310b4a4e3b9664618e47dc73e1aa04176bb58
                                                        • Opcode Fuzzy Hash: c8345e52431df0b0151976d82646782a3d9bcccd2689da7600210834a1f36a27
                                                        • Instruction Fuzzy Hash: 33817E30218241EFD714DF24C895E2ABBE5FF84308F1589ADF4558B2A2EB31ED45CB92
                                                        APIs
                                                        • VariantInit.OLEAUT32(00000035), ref: 00BAF7B9
                                                        • SysAllocString.OLEAUT32(00000001), ref: 00BAF860
                                                        • VariantCopy.OLEAUT32(00BAFA64,00000000), ref: 00BAF889
                                                        • VariantClear.OLEAUT32(00BAFA64), ref: 00BAF8AD
                                                        • VariantCopy.OLEAUT32(00BAFA64,00000000), ref: 00BAF8B1
                                                        • VariantClear.OLEAUT32(?), ref: 00BAF8BB
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                        • String ID:
                                                        • API String ID: 3859894641-0
                                                        • Opcode ID: 85358a23139df20558365d135100bc77397b6e51110b0c30a94246720ea704fe
                                                        • Instruction ID: f18d1338ed3095c5a9f6a484f1d5b136e702325054b1143f14d4c28a75686055
                                                        • Opcode Fuzzy Hash: 85358a23139df20558365d135100bc77397b6e51110b0c30a94246720ea704fe
                                                        • Instruction Fuzzy Hash: 8B51B331604312FACF20ABA5D8D5BBAB3E4EF46310B2484E6E905DF292DB74DC41C796
                                                        APIs
                                                          • Part of subcall function 00B57620: _wcslen.LIBCMT ref: 00B57625
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00BC94E5
                                                        • _wcslen.LIBCMT ref: 00BC9506
                                                        • _wcslen.LIBCMT ref: 00BC952D
                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00BC9585
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$FileName$OpenSave
                                                        • String ID: X
                                                        • API String ID: 83654149-3081909835
                                                        • Opcode ID: 1e1379c4cde9ca987906b16dbeed8d96192eb6ed6e69303f784bd238b16a6c83
                                                        • Instruction ID: 4a651cbbd8dc17b7461034c942d4e91010a1dda2191a859cfc8c44474a948d81
                                                        • Opcode Fuzzy Hash: 1e1379c4cde9ca987906b16dbeed8d96192eb6ed6e69303f784bd238b16a6c83
                                                        • Instruction Fuzzy Hash: FFE16A316083419FD724DF24C885F6AB7E4FF95314F0489ADE8999B2A2DB31DD09CB92
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • BeginPaint.USER32(?,?,?), ref: 00B69241
                                                        • GetWindowRect.USER32(?,?), ref: 00B692A5
                                                        • ScreenToClient.USER32(?,?), ref: 00B692C2
                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00B692D3
                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00B69321
                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00BA71EA
                                                          • Part of subcall function 00B69339: BeginPath.GDI32(00000000), ref: 00B69357
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                        • String ID:
                                                        • API String ID: 3050599898-0
                                                        • Opcode ID: 363fdbd00aaee4db348e2ceb5c37a6089ade611c63ee853ba8549f76a623c078
                                                        • Instruction ID: 6c3f5d8b5554afef37db3fa41c187885c5d4aca7e34b33a9c139ce43aa3393ba
                                                        • Opcode Fuzzy Hash: 363fdbd00aaee4db348e2ceb5c37a6089ade611c63ee853ba8549f76a623c078
                                                        • Instruction Fuzzy Hash: 7B41AD70108340AFD721DF24DCD5FBA7BE8EF56720F0402A9F9A59B2A1CB349846DB61
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 00BC080C
                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00BC0847
                                                        • EnterCriticalSection.KERNEL32(?), ref: 00BC0863
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00BC08DC
                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00BC08F3
                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00BC0921
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                        • String ID:
                                                        • API String ID: 3368777196-0
                                                        • Opcode ID: ae2ae489fc0d33ff9afb542b50bda7002ed26b0f8e8fa89fa59a96d3b7173631
                                                        • Instruction ID: 78b92b89b8187ab5ccbb7f7de34757ef9be6473b96dff30d591ccb6158f818cf
                                                        • Opcode Fuzzy Hash: ae2ae489fc0d33ff9afb542b50bda7002ed26b0f8e8fa89fa59a96d3b7173631
                                                        • Instruction Fuzzy Hash: 6C416771910205EBDF14AF54DC85AAABBB8FF04300F1480A9ED04AF297DB31DE65DBA0
                                                        APIs
                                                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00BAF3AB,00000000,?,?,00000000,?,00BA682C,00000004,00000000,00000000), ref: 00BE824C
                                                        • EnableWindow.USER32(?,00000000), ref: 00BE8272
                                                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00BE82D1
                                                        • ShowWindow.USER32(?,00000004), ref: 00BE82E5
                                                        • EnableWindow.USER32(?,00000001), ref: 00BE830B
                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00BE832F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$Show$Enable$MessageSend
                                                        • String ID:
                                                        • API String ID: 642888154-0
                                                        • Opcode ID: 0dcd1a967f3ecf8626c1c2310de414e51090bdb9b7fa39ccab1a830f6410093f
                                                        • Instruction ID: 20cf7b5e72b96bda4eebf1316c211290b3c79717c69632a133556eb253d8adee
                                                        • Opcode Fuzzy Hash: 0dcd1a967f3ecf8626c1c2310de414e51090bdb9b7fa39ccab1a830f6410093f
                                                        • Instruction Fuzzy Hash: 03417634601A84AFDB25CF16D895BA87BE1FB06714F1842E5EA0C5F262CB329C42CF54
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 00BB4C95
                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00BB4CB2
                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00BB4CEA
                                                        • _wcslen.LIBCMT ref: 00BB4D08
                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00BB4D10
                                                        • _wcsstr.LIBVCRUNTIME ref: 00BB4D1A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                        • String ID:
                                                        • API String ID: 72514467-0
                                                        • Opcode ID: 7cd8e18f03a0f1bcc123b6cfdf3cb2b5da7987e5aa8f296ed58630240569e5bc
                                                        • Instruction ID: 6f7e42e618d922542154404b3c36c055caa4807146eb30556cbd5a593fba2a54
                                                        • Opcode Fuzzy Hash: 7cd8e18f03a0f1bcc123b6cfdf3cb2b5da7987e5aa8f296ed58630240569e5bc
                                                        • Instruction Fuzzy Hash: 5121D7326042417FEB155B29AC49EBB7FE8EF45750F1080B9F805CB192DFA5DC0196A0
                                                        APIs
                                                          • Part of subcall function 00B53AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B53A97,?,?,00B52E7F,?,?,?,00000000), ref: 00B53AC2
                                                        • _wcslen.LIBCMT ref: 00BC587B
                                                        • CoInitialize.OLE32(00000000), ref: 00BC5995
                                                        • CoCreateInstance.OLE32(00BEFCF8,00000000,00000001,00BEFB68,?), ref: 00BC59AE
                                                        • CoUninitialize.OLE32 ref: 00BC59CC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 3172280962-24824748
                                                        • Opcode ID: d716f2333d5c63c12e41ecc7f2b0cf781ae21711048b7e239f33829cfbbce7fc
                                                        • Instruction ID: c632451d9de6f20d80cdef65278e31f4c782b1d8ad97599433400452ce7b7b22
                                                        • Opcode Fuzzy Hash: d716f2333d5c63c12e41ecc7f2b0cf781ae21711048b7e239f33829cfbbce7fc
                                                        • Instruction Fuzzy Hash: 82D154756047019FC724DF24C480E2ABBE5EF89714F14899DF88A9B361DB31ED89CB92
                                                        APIs
                                                          • Part of subcall function 00BB0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00BB0FCA
                                                          • Part of subcall function 00BB0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00BB0FD6
                                                          • Part of subcall function 00BB0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00BB0FE5
                                                          • Part of subcall function 00BB0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00BB0FEC
                                                          • Part of subcall function 00BB0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00BB1002
                                                        • GetLengthSid.ADVAPI32(?,00000000,00BB1335), ref: 00BB17AE
                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00BB17BA
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00BB17C1
                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 00BB17DA
                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00BB1335), ref: 00BB17EE
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB17F5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                        • String ID:
                                                        • API String ID: 3008561057-0
                                                        • Opcode ID: a9b4f64250f0b40bbd48fbcccd81a4dda2fe86c9d55f2829fd7593a63ec97fed
                                                        • Instruction ID: f77d71130da5d33912795c79bd40d24fbbb097e67ae6debce5a4504a151e194c
                                                        • Opcode Fuzzy Hash: a9b4f64250f0b40bbd48fbcccd81a4dda2fe86c9d55f2829fd7593a63ec97fed
                                                        • Instruction Fuzzy Hash: A711CD72500204EBDB10DFA9CC98BFE7BE8EB42355F504598F441AB110CB719D01CB60
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00BB14FF
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00BB1506
                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00BB1515
                                                        • CloseHandle.KERNEL32(00000004), ref: 00BB1520
                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00BB154F
                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00BB1563
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                        • String ID:
                                                        • API String ID: 1413079979-0
                                                        • Opcode ID: d42a3f06869856f8b3a07dcbfb6b7cb129eb16035ee4c7164c0e0ad2d0d221e3
                                                        • Instruction ID: 5f48b4d6c221d33f8dfb63bbdac7fdc4a32e67c28c48cd2dee0a152f9bdeb9d5
                                                        • Opcode Fuzzy Hash: d42a3f06869856f8b3a07dcbfb6b7cb129eb16035ee4c7164c0e0ad2d0d221e3
                                                        • Instruction Fuzzy Hash: D5115672500249EBDF11CFA8DD89BEE7BA9EF48704F044065FA05A6160C7B1CE61DB60
                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,00B73379,00B72FE5), ref: 00B73390
                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B7339E
                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B733B7
                                                        • SetLastError.KERNEL32(00000000,?,00B73379,00B72FE5), ref: 00B73409
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastValue___vcrt_
                                                        • String ID:
                                                        • API String ID: 3852720340-0
                                                        • Opcode ID: 9600582c21d550f1fd410b2360d6b210d367c273db98384e50bad900dca4c85d
                                                        • Instruction ID: cb6cb35a4a7fe806c1c3d759d7be85c30f37a97d34cba3791ac276866d9de08c
                                                        • Opcode Fuzzy Hash: 9600582c21d550f1fd410b2360d6b210d367c273db98384e50bad900dca4c85d
                                                        • Instruction Fuzzy Hash: 1901D83264D311BEA62527B47CC579B2AD5EB0AB75730C2A9F538852F0EF114D017558
                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,00B85686,00B93CD6,?,00000000,?,00B85B6A,?,?,?,?,?,00B7E6D1,?,00C18A48), ref: 00B82D78
                                                        • _free.LIBCMT ref: 00B82DAB
                                                        • _free.LIBCMT ref: 00B82DD3
                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,00B7E6D1,?,00C18A48,00000010,00B54F4A,?,?,00000000,00B93CD6), ref: 00B82DE0
                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,00B7E6D1,?,00C18A48,00000010,00B54F4A,?,?,00000000,00B93CD6), ref: 00B82DEC
                                                        • _abort.LIBCMT ref: 00B82DF2
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_free$_abort
                                                        • String ID:
                                                        • API String ID: 3160817290-0
                                                        • Opcode ID: 0e89bf7dcfc1d97bc23c228ad7d99a9aa4ad8f73cb26605be126db8af8a3835c
                                                        • Instruction ID: 6bcafa405ba4af8f1bc567e0a095af58f2ad9243c356cfe87ae6e43dc2d55d51
                                                        • Opcode Fuzzy Hash: 0e89bf7dcfc1d97bc23c228ad7d99a9aa4ad8f73cb26605be126db8af8a3835c
                                                        • Instruction Fuzzy Hash: 84F0813654560067C6123738AC46A5E2DE9ABC2BA1F3545B8F824972B2EE249802C360
                                                        APIs
                                                          • Part of subcall function 00B69639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B69693
                                                          • Part of subcall function 00B69639: SelectObject.GDI32(?,00000000), ref: 00B696A2
                                                          • Part of subcall function 00B69639: BeginPath.GDI32(?), ref: 00B696B9
                                                          • Part of subcall function 00B69639: SelectObject.GDI32(?,00000000), ref: 00B696E2
                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00BE8A4E
                                                        • LineTo.GDI32(?,00000003,00000000), ref: 00BE8A62
                                                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00BE8A70
                                                        • LineTo.GDI32(?,00000000,00000003), ref: 00BE8A80
                                                        • EndPath.GDI32(?), ref: 00BE8A90
                                                        • StrokePath.GDI32(?), ref: 00BE8AA0
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                        • String ID:
                                                        • API String ID: 43455801-0
                                                        • Opcode ID: 9d04c8ec121acfeff65c56b7bf42937b41ab25cb75d77c7e3db50a89c6376b23
                                                        • Instruction ID: 1f623369a07747f07ffce0dec05b0e786195e26755daf7f026121fbd31f87c22
                                                        • Opcode Fuzzy Hash: 9d04c8ec121acfeff65c56b7bf42937b41ab25cb75d77c7e3db50a89c6376b23
                                                        • Instruction Fuzzy Hash: 8411BA7600014DFFDF129F95DC88F9A7FADEB04354F048062FA199A161CB719D56DBA0
                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 00BB5218
                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00BB5229
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BB5230
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00BB5238
                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00BB524F
                                                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00BB5261
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CapsDevice$Release
                                                        • String ID:
                                                        • API String ID: 1035833867-0
                                                        • Opcode ID: 882f66d99013e962a3b978d34049cb9a8991b7748d70d016eaa6f59814bd333a
                                                        • Instruction ID: ee34f50d1bcc8e1ba3cfea0ec2789d6f0f3180364ac8cbb281a7fa6f80c95252
                                                        • Opcode Fuzzy Hash: 882f66d99013e962a3b978d34049cb9a8991b7748d70d016eaa6f59814bd333a
                                                        • Instruction Fuzzy Hash: F4014F75A01759BBEB109BE59C89B9EBFB8EB48751F044065FA04AB281DA709801CBA1
                                                        APIs
                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B51BF4
                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00B51BFC
                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B51C07
                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B51C12
                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00B51C1A
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B51C22
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Virtual
                                                        • String ID:
                                                        • API String ID: 4278518827-0
                                                        • Opcode ID: 8bf70dfa092b7671125fd20e6c16835c4f1471f4fe7c1439638070f088e1ca9a
                                                        • Instruction ID: 8074d2c8aab304daba194fa391dcc9f96c8c7e551732bbc5a8a5c9544155e383
                                                        • Opcode Fuzzy Hash: 8bf70dfa092b7671125fd20e6c16835c4f1471f4fe7c1439638070f088e1ca9a
                                                        • Instruction Fuzzy Hash: AD0144B0902B5ABDE3008F6A8C85A52FFA8FF19354F00411BA15C4BA42C7B5A864CBE5
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00BBEB30
                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00BBEB46
                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00BBEB55
                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BBEB64
                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BBEB6E
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BBEB75
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                        • String ID:
                                                        • API String ID: 839392675-0
                                                        • Opcode ID: 15e91d9ad04712f179e7f0d76f5b4dac537011b07d2e9ab23fa9c0d0b6e8cc8f
                                                        • Instruction ID: a0c3a022a1793a8a9144c1066bd2797a6393352aff5c4a098e6f080f4c48129f
                                                        • Opcode Fuzzy Hash: 15e91d9ad04712f179e7f0d76f5b4dac537011b07d2e9ab23fa9c0d0b6e8cc8f
                                                        • Instruction Fuzzy Hash: 5DF03072140198BFE72157529C4DEEF3E7CEFCAB11F000158FA11E7091DBA05A02C6B5
                                                        APIs
                                                        • GetClientRect.USER32(?), ref: 00BA7452
                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 00BA7469
                                                        • GetWindowDC.USER32(?), ref: 00BA7475
                                                        • GetPixel.GDI32(00000000,?,?), ref: 00BA7484
                                                        • ReleaseDC.USER32(?,00000000), ref: 00BA7496
                                                        • GetSysColor.USER32(00000005), ref: 00BA74B0
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                        • String ID:
                                                        • API String ID: 272304278-0
                                                        • Opcode ID: b3e7129f524a7db15edea65b735ed43c50cc54583c161f6d4c7bc8998a19bad6
                                                        • Instruction ID: bebea16494967ea6e57856b9576c91042efe7c770bda751c35ae572d04de31f8
                                                        • Opcode Fuzzy Hash: b3e7129f524a7db15edea65b735ed43c50cc54583c161f6d4c7bc8998a19bad6
                                                        • Instruction Fuzzy Hash: C7017831408255EFDB109F64DC49BAA7FB5FB08311F1000A4F926A71A0CF311E42AB10
                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BB187F
                                                        • UnloadUserProfile.USERENV(?,?), ref: 00BB188B
                                                        • CloseHandle.KERNEL32(?), ref: 00BB1894
                                                        • CloseHandle.KERNEL32(?), ref: 00BB189C
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00BB18A5
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB18AC
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                        • String ID:
                                                        • API String ID: 146765662-0
                                                        • Opcode ID: 655af2fadc2138dbfe204563f6164bd1cefec95f9e8fabd02b41e1b901382462
                                                        • Instruction ID: 4d4eff55f08e01c150b08ae8560eba479c6919996d47edb03ad3125f25fb0da8
                                                        • Opcode Fuzzy Hash: 655af2fadc2138dbfe204563f6164bd1cefec95f9e8fabd02b41e1b901382462
                                                        • Instruction Fuzzy Hash: 4FE0E536004241BBDB015FA1ED4C90ABF39FF4AB22B108220F6259A070CF329422DF51
                                                        APIs
                                                          • Part of subcall function 00B57620: _wcslen.LIBCMT ref: 00B57625
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BBC6EE
                                                        • _wcslen.LIBCMT ref: 00BBC735
                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BBC79C
                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00BBC7CA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                        • String ID: 0
                                                        • API String ID: 1227352736-4108050209
                                                        • Opcode ID: 32b58eb90e483eb5dd2af736c54181885335dd7f2eff3f0070d90d0a05590057
                                                        • Instruction ID: 34de40865508ba5b6443398c5cf01aed7f92e311055e79c74f03bd0c64408789
                                                        • Opcode Fuzzy Hash: 32b58eb90e483eb5dd2af736c54181885335dd7f2eff3f0070d90d0a05590057
                                                        • Instruction Fuzzy Hash: 6851CDB16043019BD714DF29D885BBB7BE8EF99310F040AA9F9A6D31A0DBA0DD04CB52
                                                        APIs
                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00BDAEA3
                                                          • Part of subcall function 00B57620: _wcslen.LIBCMT ref: 00B57625
                                                        • GetProcessId.KERNEL32(00000000), ref: 00BDAF38
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BDAF67
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                        • String ID: <$@
                                                        • API String ID: 146682121-1426351568
                                                        • Opcode ID: aa3a2ad437ac4e07ea2860a692f41184dfc865db50167ff3e730537a95e64596
                                                        • Instruction ID: d77ada76a567f7b847738771b59405ee63bf4134229baf4cd2049a9a4053f1e7
                                                        • Opcode Fuzzy Hash: aa3a2ad437ac4e07ea2860a692f41184dfc865db50167ff3e730537a95e64596
                                                        • Instruction Fuzzy Hash: 55716571A00619DFCB14EF54D494A9EBBF0EF08300F1484DAE85AAB392EB34ED45CB91
                                                        APIs
                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00BB7206
                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00BB723C
                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00BB724D
                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00BB72CF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                        • String ID: DllGetClassObject
                                                        • API String ID: 753597075-1075368562
                                                        • Opcode ID: 27d5b16a2003010d5d5d1d07d04f9eb2a7be2d9470b6cc8665c6f9d60392c1a2
                                                        • Instruction ID: 8e61bd5981dff5878771c016231fea87505d772babac1a2e83427414f4cf0b4b
                                                        • Opcode Fuzzy Hash: 27d5b16a2003010d5d5d1d07d04f9eb2a7be2d9470b6cc8665c6f9d60392c1a2
                                                        • Instruction Fuzzy Hash: 2F413E71A44204AFDB15CF64C884AEA7BE9EF85310F1580EDBD059F20ADBF1DA45CBA0
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BE3E35
                                                        • IsMenu.USER32(?), ref: 00BE3E4A
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00BE3E92
                                                        • DrawMenuBar.USER32 ref: 00BE3EA5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$DrawInfoInsert
                                                        • String ID: 0
                                                        • API String ID: 3076010158-4108050209
                                                        • Opcode ID: a0a800c160e6fffa23bc738ed222eab91465a091ed6b135109e352d401025664
                                                        • Instruction ID: cbf1ff9bf4c0904716fc8a650f915c7542e7c38ab8d886d649aedd2c040719db
                                                        • Opcode Fuzzy Hash: a0a800c160e6fffa23bc738ed222eab91465a091ed6b135109e352d401025664
                                                        • Instruction Fuzzy Hash: BB418874A00249EFDB24DF51D888EAABBF9FF48750F0441A9E805AB250C730EE41CF60
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00BB1E66
                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00BB1E79
                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00BB1EA9
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$_wcslen$ClassName
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 2081771294-1403004172
                                                        • Opcode ID: 0f3dcc122cba726fa321272a2e847e5e52bb393d245586b6a0b19971af8aafd3
                                                        • Instruction ID: bd27e9a884ff8bcb3865cde2297d17436aed92244b9bc048a4e2156be896e162
                                                        • Opcode Fuzzy Hash: 0f3dcc122cba726fa321272a2e847e5e52bb393d245586b6a0b19971af8aafd3
                                                        • Instruction Fuzzy Hash: F1214771A00104BFDB14ABA8DC96DFFBBF9DF46350B5045A9FC25A71E1DBB4890A8620
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00BE2F8D
                                                        • LoadLibraryW.KERNEL32(?), ref: 00BE2F94
                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00BE2FA9
                                                        • DestroyWindow.USER32(?), ref: 00BE2FB1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$DestroyLibraryLoadWindow
                                                        • String ID: SysAnimate32
                                                        • API String ID: 3529120543-1011021900
                                                        • Opcode ID: b68e9b1a6daa2e07ffa92b9b767ab63cddd1c0c19488aeda41ed891e2f47fc9f
                                                        • Instruction ID: 55e336dd04450ece4a098bb1273e0611091871f3ecdbb3a61a083b10e6225d40
                                                        • Opcode Fuzzy Hash: b68e9b1a6daa2e07ffa92b9b767ab63cddd1c0c19488aeda41ed891e2f47fc9f
                                                        • Instruction Fuzzy Hash: 64218872600285ABEB204F669C81FBB37FDEB69364F100268FA50D7190D771DC9197A0
                                                        APIs
                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B74D1E,00B828E9,?,00B74CBE,00B828E9,00C188B8,0000000C,00B74E15,00B828E9,00000002), ref: 00B74D8D
                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B74DA0
                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00B74D1E,00B828E9,?,00B74CBE,00B828E9,00C188B8,0000000C,00B74E15,00B828E9,00000002,00000000), ref: 00B74DC3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                        • String ID: CorExitProcess$mscoree.dll
                                                        • API String ID: 4061214504-1276376045
                                                        • Opcode ID: 709124d13703275b12fea0f8e7baa0f51c72abf123e825266cbbe74265dd80a9
                                                        • Instruction ID: 5b59a03b54fc3e132332216e68e76bb6330ec8663ae583722a1731823c9b1f4e
                                                        • Opcode Fuzzy Hash: 709124d13703275b12fea0f8e7baa0f51c72abf123e825266cbbe74265dd80a9
                                                        • Instruction Fuzzy Hash: F1F03C34A50208ABDB11AB90DC89BAEBFF5EF44752F0040E8B909A72A0DF709D41CB91
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B54EDD,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54E9C
                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B54EAE
                                                        • FreeLibrary.KERNEL32(00000000,?,?,00B54EDD,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54EC0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                        • API String ID: 145871493-3689287502
                                                        • Opcode ID: 3b208da047737a6c91e84092bb1aa1562bf41dcc57cbf3a2a2b3a38d33970b1b
                                                        • Instruction ID: 7ceb25fdd3d68f0d8e69a21161e4e67ac3b0c015e46987fdbceed6348d402b5b
                                                        • Opcode Fuzzy Hash: 3b208da047737a6c91e84092bb1aa1562bf41dcc57cbf3a2a2b3a38d33970b1b
                                                        • Instruction Fuzzy Hash: BBE0CD35E016625BD23117256C1DB6F69D4EF82F677050195FD04F7110DF60CD4740A1
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B93CDE,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54E62
                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B54E74
                                                        • FreeLibrary.KERNEL32(00000000,?,?,00B93CDE,?,00C21418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B54E87
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                        • API String ID: 145871493-1355242751
                                                        • Opcode ID: 8727a5df2e10302f98c3526de53b6cf1586238cacc00ed619afabf45e1e58151
                                                        • Instruction ID: a6c47174727b4b785624f0e483eed5682b9204c069edf8661f962ccf1b4f21ca
                                                        • Opcode Fuzzy Hash: 8727a5df2e10302f98c3526de53b6cf1586238cacc00ed619afabf45e1e58151
                                                        • Instruction Fuzzy Hash: 86D0C2319026615786261B256C09F8B2E58EF81F1A30501A4BC04B7110CF20CD4381D1
                                                        APIs
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BC2C05
                                                        • DeleteFileW.KERNEL32(?), ref: 00BC2C87
                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00BC2C9D
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BC2CAE
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BC2CC0
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: File$Delete$Copy
                                                        • String ID:
                                                        • API String ID: 3226157194-0
                                                        • Opcode ID: 5858882252c43cdeb4fa02de1023acf2e2ff1258e6d1c6789f9938f09e700cee
                                                        • Instruction ID: 102b3b4ef67f6697fed31a55b71a5c190e5d9704e99c2815c63bd9463e3f0fa5
                                                        • Opcode Fuzzy Hash: 5858882252c43cdeb4fa02de1023acf2e2ff1258e6d1c6789f9938f09e700cee
                                                        • Instruction Fuzzy Hash: 90B10A72D00119ABDF25DBA4CC85FDEBBBDEF49350F1040EAFA09E6151EA319A448B61
                                                        APIs
                                                        • GetCurrentProcessId.KERNEL32 ref: 00BDA427
                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00BDA435
                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00BDA468
                                                        • CloseHandle.KERNEL32(?), ref: 00BDA63D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                        • String ID:
                                                        • API String ID: 3488606520-0
                                                        • Opcode ID: caf9de0a5dc7469fcce4504760c401cc01067aa0d6e46f4d92402378fd52f7d8
                                                        • Instruction ID: 2486e33b65de1c366937b67c27ca251526106a8706affea2cadafa0ac4e28d2b
                                                        • Opcode Fuzzy Hash: caf9de0a5dc7469fcce4504760c401cc01067aa0d6e46f4d92402378fd52f7d8
                                                        • Instruction Fuzzy Hash: E5A170716043019FD720DF24D886F2AB7E5AF84714F14889DF95A9B392DBB0EC45CB92
                                                        APIs
                                                        • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00BF3700), ref: 00B8BB91
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00C2121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B8BC09
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00C21270,000000FF,?,0000003F,00000000,?), ref: 00B8BC36
                                                        • _free.LIBCMT ref: 00B8BB7F
                                                          • Part of subcall function 00B829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000), ref: 00B829DE
                                                          • Part of subcall function 00B829C8: GetLastError.KERNEL32(00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000,00000000), ref: 00B829F0
                                                        • _free.LIBCMT ref: 00B8BD4B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                        • String ID:
                                                        • API String ID: 1286116820-0
                                                        • Opcode ID: 36694718a379c7d89959aae097dad893a603d6debc1e1b25e80f6a822dd7ccc9
                                                        • Instruction ID: b4eb3e31540e3a3d66bc3fe93a3300b43c0191a8d3f1d8bf7f8493f71f41c3d1
                                                        • Opcode Fuzzy Hash: 36694718a379c7d89959aae097dad893a603d6debc1e1b25e80f6a822dd7ccc9
                                                        • Instruction Fuzzy Hash: BE518471900209EBCB24FF799C81EAEB7F8EB55310B1442AAF554D71B1EB309E41CB54
                                                        APIs
                                                          • Part of subcall function 00BBDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BBCF22,?), ref: 00BBDDFD
                                                          • Part of subcall function 00BBDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BBCF22,?), ref: 00BBDE16
                                                          • Part of subcall function 00BBE199: GetFileAttributesW.KERNEL32(?,00BBCF95), ref: 00BBE19A
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00BBE473
                                                        • MoveFileW.KERNEL32(?,?), ref: 00BBE4AC
                                                        • _wcslen.LIBCMT ref: 00BBE5EB
                                                        • _wcslen.LIBCMT ref: 00BBE603
                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00BBE650
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                        • String ID:
                                                        • API String ID: 3183298772-0
                                                        • Opcode ID: 23136870a969bd9ee968ce4e36014286c6b52edb5ed88a81cdc44f2fdb922360
                                                        • Instruction ID: 8fc828274fcb8612c405968f976aedb5c6972d544909e71a23edd08cfd32014e
                                                        • Opcode Fuzzy Hash: 23136870a969bd9ee968ce4e36014286c6b52edb5ed88a81cdc44f2fdb922360
                                                        • Instruction Fuzzy Hash: 985142B24083459BC724DBA4D8819EF77ECEF84340F00496EF69993151EFB5E58C8756
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BDC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BDB6AE,?,?), ref: 00BDC9B5
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDC9F1
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA68
                                                          • Part of subcall function 00BDC998: _wcslen.LIBCMT ref: 00BDCA9E
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BDBAA5
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BDBB00
                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00BDBB63
                                                        • RegCloseKey.ADVAPI32(?,?), ref: 00BDBBA6
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BDBBB3
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                        • String ID:
                                                        • API String ID: 826366716-0
                                                        • Opcode ID: 46b82a49c4fc0d58ce96e949b264eac1ea6f7675c895a134b20e8a3e37513c02
                                                        • Instruction ID: b75dd015012addb0fe6ac4a3e3feafdce05c1acd9f48af075fb7aa286ec25667
                                                        • Opcode Fuzzy Hash: 46b82a49c4fc0d58ce96e949b264eac1ea6f7675c895a134b20e8a3e37513c02
                                                        • Instruction Fuzzy Hash: 88614D31208241EFD714DF14C491E2ABBE5FF84348F55899EF4994B2A2EB31ED46CB92
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00BB8BCD
                                                        • VariantClear.OLEAUT32 ref: 00BB8C3E
                                                        • VariantClear.OLEAUT32 ref: 00BB8C9D
                                                        • VariantClear.OLEAUT32(?), ref: 00BB8D10
                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00BB8D3B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Variant$Clear$ChangeInitType
                                                        • String ID:
                                                        • API String ID: 4136290138-0
                                                        • Opcode ID: 15b5cebbfe64eeb62562c13d5345a8901a91af57edf538e59ad1d18509cc3b95
                                                        • Instruction ID: 33dd7ea891eb97846bfb035b7bf23da9d8eba1910248d298e3f318060ce0f115
                                                        • Opcode Fuzzy Hash: 15b5cebbfe64eeb62562c13d5345a8901a91af57edf538e59ad1d18509cc3b95
                                                        • Instruction Fuzzy Hash: 90516DB5A00219EFCB10CF58C894AEABBF9FF89310B15856AE919DB350D770E911CF90
                                                        APIs
                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00BC8BAE
                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00BC8BDA
                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00BC8C32
                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00BC8C57
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00BC8C5F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfile$SectionWrite$String
                                                        • String ID:
                                                        • API String ID: 2832842796-0
                                                        • Opcode ID: 684579ed255ea574cf04a4433b26c8e3e59f1828bdb28a3ed94c3cc260278497
                                                        • Instruction ID: dc0ce7c968845dc1a72c3ace41984fd06079f241d7769b2a5bb32bcdb8a2e3c5
                                                        • Opcode Fuzzy Hash: 684579ed255ea574cf04a4433b26c8e3e59f1828bdb28a3ed94c3cc260278497
                                                        • Instruction Fuzzy Hash: 9B516A35A00219AFCB05DF64D880E6EBBF5FF48314F088498E849AB362DB35ED55CB90
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00BD8F40
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00BD8FD0
                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00BD8FEC
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00BD9032
                                                        • FreeLibrary.KERNEL32(00000000), ref: 00BD9052
                                                          • Part of subcall function 00B6F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00BC1043,?,761DE610), ref: 00B6F6E6
                                                          • Part of subcall function 00B6F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00BAFA64,00000000,00000000,?,?,00BC1043,?,761DE610,?,00BAFA64), ref: 00B6F70D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                        • String ID:
                                                        • API String ID: 666041331-0
                                                        • Opcode ID: 84a9043c61aba51b4c03bae637161271f8c0e5941902e899b4896682eb197ba8
                                                        • Instruction ID: 8cf2bb8aeed175bc04898e4d18c3ae3e0b727409b5b7f26f87e924fc0929d73f
                                                        • Opcode Fuzzy Hash: 84a9043c61aba51b4c03bae637161271f8c0e5941902e899b4896682eb197ba8
                                                        • Instruction Fuzzy Hash: 88513935600205DFC715DF68D4949ADBBF1FF49315B0484E9E80AAB362EB31ED86CB91
                                                        APIs
                                                        • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00BE6C33
                                                        • SetWindowLongW.USER32(?,000000EC,?), ref: 00BE6C4A
                                                        • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00BE6C73
                                                        • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00BCAB79,00000000,00000000), ref: 00BE6C98
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00BE6CC7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$Long$MessageSendShow
                                                        • String ID:
                                                        • API String ID: 3688381893-0
                                                        • Opcode ID: 8a025e64233342bf8c8ff33f54eaba7ecc215c681863a6519b520a1063655eb4
                                                        • Instruction ID: 7ed9bce52452d5b86e62828fbd23f09aa207a3a5bf0e07b43eea1bcc1381821a
                                                        • Opcode Fuzzy Hash: 8a025e64233342bf8c8ff33f54eaba7ecc215c681863a6519b520a1063655eb4
                                                        • Instruction Fuzzy Hash: 2841B335A04184AFD724DF3ACC95FA97BE5EB193A0F2402A8FC95A73E0C771AD41DA40
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free
                                                        • String ID:
                                                        • API String ID: 269201875-0
                                                        • Opcode ID: 7d4b29f66d2d9b93d5bd3fc53cfe702930f59cfa72a47b3630e6ea2bf6c69718
                                                        • Instruction ID: 7376e4f5a42bd67ab8c70fc086cc518162ad4ed31f2607ae06fdd036988efb72
                                                        • Opcode Fuzzy Hash: 7d4b29f66d2d9b93d5bd3fc53cfe702930f59cfa72a47b3630e6ea2bf6c69718
                                                        • Instruction Fuzzy Hash: 6841C372A002049FCB24EF78C885A5DB7F5EF89714F2585A9E515EB3A5D731ED01CB80
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 00B69141
                                                        • ScreenToClient.USER32(00000000,?), ref: 00B6915E
                                                        • GetAsyncKeyState.USER32(00000001), ref: 00B69183
                                                        • GetAsyncKeyState.USER32(00000002), ref: 00B6919D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AsyncState$ClientCursorScreen
                                                        • String ID:
                                                        • API String ID: 4210589936-0
                                                        • Opcode ID: b30393b5c68527cc145cd4ae094c913a8d84f5c8ffb3e0336cf57e010670b5cb
                                                        • Instruction ID: 917713ec9674eb85ff7f6cdb0c77382c6e55f88cb35f6889081abbc914e25259
                                                        • Opcode Fuzzy Hash: b30393b5c68527cc145cd4ae094c913a8d84f5c8ffb3e0336cf57e010670b5cb
                                                        • Instruction Fuzzy Hash: 07413E71A0C61AFBDF159F68C884BEEB7F8FB06324F204295E429A7290CB345955CB91
                                                        APIs
                                                        • GetInputState.USER32 ref: 00BC38CB
                                                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00BC3922
                                                        • TranslateMessage.USER32(?), ref: 00BC394B
                                                        • DispatchMessageW.USER32(?), ref: 00BC3955
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC3966
                                                        Similarity
                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                        • String ID:
                                                        • API String ID: 2256411358-0
                                                        • Opcode ID: 733905eb57f86ad0d1ae7e03dd83e73fd2c72205b129047beef1511e5b500579
                                                        • Instruction ID: 5e2f74debe347592450661c0b3b7df158c12320a5948a27a681b25a2516aa025
                                                        • Opcode Fuzzy Hash: 733905eb57f86ad0d1ae7e03dd83e73fd2c72205b129047beef1511e5b500579
                                                        • Instruction Fuzzy Hash: BD31EC705143819EEB35CB34D889FB637E4EB15B04F8885ADD463C64E0D7F49A85CB11
                                                        APIs
                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00BCC21E,00000000), ref: 00BCCF38
                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 00BCCF6F
                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,00BCC21E,00000000), ref: 00BCCFB4
                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00BCC21E,00000000), ref: 00BCCFC8
                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00BCC21E,00000000), ref: 00BCCFF2
                                                        Similarity
                                                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                        • String ID:
                                                        • API String ID: 3191363074-0
                                                        • Opcode ID: f41a3a1b51348a327052283b068b196f5c783ba29972e9869231240043070876
                                                        • Instruction ID: b34c4c08fa16b735647cb949b3fcd32052807ac7d7433ed93899b584e6d1241b
                                                        • Opcode Fuzzy Hash: f41a3a1b51348a327052283b068b196f5c783ba29972e9869231240043070876
                                                        • Instruction Fuzzy Hash: 10314C71A00205EFDB20DFA5D884EABBFF9EB24351B1044AEF51AD7141DB30EE499B60
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00BB1915
                                                        • PostMessageW.USER32(00000001,00000201,00000001), ref: 00BB19C1
                                                        • Sleep.KERNEL32(00000000,?,?,?), ref: 00BB19C9
                                                        • PostMessageW.USER32(00000001,00000202,00000000), ref: 00BB19DA
                                                        • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00BB19E2
                                                        Similarity
                                                        • API ID: MessagePostSleep$RectWindow
                                                        • String ID:
                                                        • API String ID: 3382505437-0
                                                        • Opcode ID: e0365eee02b48f4e4009ab6ef265347c34996ae85c1ac41fadd4a8244223b7be
                                                        • Instruction ID: 810f632ebe97635c23073d34284b2545184678f0b3e3d0e41cd664cb7618935b
                                                        • Opcode Fuzzy Hash: e0365eee02b48f4e4009ab6ef265347c34996ae85c1ac41fadd4a8244223b7be
                                                        • Instruction Fuzzy Hash: 8F31E271900259EFCB00CFACCDA8AEE3BB5EB04314F104665F961AB2D0C7B09945CB90
                                                        APIs
                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00BE5745
                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00BE579D
                                                        • _wcslen.LIBCMT ref: 00BE57AF
                                                        • _wcslen.LIBCMT ref: 00BE57BA
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00BE5816
                                                        Similarity
                                                        • API ID: MessageSend$_wcslen
                                                        • String ID:
                                                        • API String ID: 763830540-0
                                                        • Opcode ID: c450d29ac5a5443ac9ebc2f86b5772261ee746e379a74d7da2962cf8c36803d5
                                                        • Instruction ID: 97a592289afd7495873e58601e4870f4a9b60a1efe2c8eb2605dde341b409dff
                                                        • Opcode Fuzzy Hash: c450d29ac5a5443ac9ebc2f86b5772261ee746e379a74d7da2962cf8c36803d5
                                                        • Instruction Fuzzy Hash: DA21A5759046989ADB308F61CCC4AEE7BF8FF04328F108296E929EB1C5D7709985CF50
                                                        APIs
                                                        • IsWindow.USER32(00000000), ref: 00BD0951
                                                        • GetForegroundWindow.USER32 ref: 00BD0968
                                                        • GetDC.USER32(00000000), ref: 00BD09A4
                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00BD09B0
                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00BD09E8
                                                        Similarity
                                                        • API ID: Window$ForegroundPixelRelease
                                                        • String ID:
                                                        • API String ID: 4156661090-0
                                                        • Opcode ID: 16b7930c1bc8b7e16d60a80e530c24b158acfeab8faefed96ee6f32e976ab33d
                                                        • Instruction ID: bcde625477faf32421b0c9eb562443420de0673d03958fe1a2afc67a8c776643
                                                        • Opcode Fuzzy Hash: 16b7930c1bc8b7e16d60a80e530c24b158acfeab8faefed96ee6f32e976ab33d
                                                        • Instruction Fuzzy Hash: 3A218135600204AFD704EF69D894FAEBBE5EF44701F0484ADE85AEB352DB30AC05CB90
                                                        APIs
                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00B8CDC6
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B8CDE9
                                                          • Part of subcall function 00B83820: RtlAllocateHeap.NTDLL(00000000,?,00C21444,?,00B6FDF5,?,?,00B5A976,00000010,00C21440,00B513FC,?,00B513C6,?,00B51129), ref: 00B83852
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B8CE0F
                                                        • _free.LIBCMT ref: 00B8CE22
                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B8CE31
                                                        Similarity
                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                        • String ID:
                                                        • API String ID: 336800556-0
                                                        • Opcode ID: eb50c21c9e1550da3148a6a4910538f6139db18f271e6839e09cb9da19675648
                                                        • Instruction ID: 01abb9acbd8e8f50a65529974bfeda8f3d2cc5e758df7d0b01ae99c3c06af00d
                                                        • Opcode Fuzzy Hash: eb50c21c9e1550da3148a6a4910538f6139db18f271e6839e09cb9da19675648
                                                        • Instruction Fuzzy Hash: FE01D8B26012557F23213A766CC8C7B6DEDDFC6BA23150169F905D7210DE709D02C3B0
                                                        APIs
                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B69693
                                                        • SelectObject.GDI32(?,00000000), ref: 00B696A2
                                                        • BeginPath.GDI32(?), ref: 00B696B9
                                                        • SelectObject.GDI32(?,00000000), ref: 00B696E2
                                                        Similarity
                                                        • API ID: ObjectSelect$BeginCreatePath
                                                        • String ID:
                                                        • API String ID: 3225163088-0
                                                        • Opcode ID: 9c2926584e53d5b91ef97b3a8a75c1418e00475a9afbd5a20d3e8a06d70eba07
                                                        • Instruction ID: 9c9a9a77452b1db31c214104d2d8d32032a363746d104c5e7f8c16306b65446b
                                                        • Opcode Fuzzy Hash: 9c2926584e53d5b91ef97b3a8a75c1418e00475a9afbd5a20d3e8a06d70eba07
                                                        • Instruction Fuzzy Hash: 60218070826345EBDB21AF24EC447AD3BE8FB21315F140256F810A75B1D7745893CF94
                                                        APIs
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: 777f120ab20686c2ba8eaea24f433438e7d116fca08493db09782a31dbde2662
                                                        • Instruction ID: 20798e07f6b6aa991baacceed24b7cec99874ed1467645b28527647764fbe080
                                                        • Opcode Fuzzy Hash: 777f120ab20686c2ba8eaea24f433438e7d116fca08493db09782a31dbde2662
                                                        • Instruction Fuzzy Hash: C901B971741605BBE228551B9D82FFB73DCDF21398F2044E0FD189A241FBA0EE1182B6
                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,?,00B7F2DE,00B83863,00C21444,?,00B6FDF5,?,?,00B5A976,00000010,00C21440,00B513FC,?,00B513C6), ref: 00B82DFD
                                                        • _free.LIBCMT ref: 00B82E32
                                                        • _free.LIBCMT ref: 00B82E59
                                                        • SetLastError.KERNEL32(00000000,00B51129), ref: 00B82E66
                                                        • SetLastError.KERNEL32(00000000,00B51129), ref: 00B82E6F
                                                        Similarity
                                                        • API ID: ErrorLast$_free
                                                        • String ID:
                                                        • API String ID: 3170660625-0
                                                        • Opcode ID: b521f1ec87f45ff3b07e97620b1c5857293befc6cd00c70e7207944790c07caf
                                                        • Instruction ID: c2d2721d065e924a5fbb4f42d552e7f22767e1eec531834b540a491e07c4e110
                                                        • Opcode Fuzzy Hash: b521f1ec87f45ff3b07e97620b1c5857293befc6cd00c70e7207944790c07caf
                                                        • Instruction Fuzzy Hash: 0301A93664560077C6127774ACC5E6F15EDEBD2767B3541A5F425932B2EF748C01C324
                                                        APIs
                                                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?,?,00BB035E), ref: 00BB002B
                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?), ref: 00BB0046
                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?), ref: 00BB0054
                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?), ref: 00BB0064
                                                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BAFF41,80070057,?,?), ref: 00BB0070
                                                        Similarity
                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                        • String ID:
                                                        • API String ID: 3897988419-0
                                                        • Opcode ID: 067c482fcc64dba7295a8837a1fdaf7b7bfad9a5002cc03e6e2df5549c996c98
                                                        • Instruction ID: c7a31179cf7d23593119b10391a4a201195105474d6ceae9ca9aaf905ccfb906
                                                        • Opcode Fuzzy Hash: 067c482fcc64dba7295a8837a1fdaf7b7bfad9a5002cc03e6e2df5549c996c98
                                                        • Instruction Fuzzy Hash: C3017872610208ABDB116F68EC84BBA7EEDEB44792F144164F905DB210EBB1DD418BA0
                                                        APIs
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00BBE997
                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 00BBE9A5
                                                        • Sleep.KERNEL32(00000000), ref: 00BBE9AD
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00BBE9B7
                                                        • Sleep.KERNEL32 ref: 00BBE9F3
                                                        Similarity
                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                        • String ID:
                                                        • API String ID: 2833360925-0
                                                        • Opcode ID: 924f82703f0a81e71e853d4bea69e19a3f161d140e44deee6548dec45eb071b7
                                                        • Instruction ID: e88c279fcd1efac633a4d32b5bf41636f5c98042e3314a61dc688532e10b8302
                                                        • Opcode Fuzzy Hash: 924f82703f0a81e71e853d4bea69e19a3f161d140e44deee6548dec45eb071b7
                                                        • Instruction Fuzzy Hash: AE016D31C01529DBCF009FE5DC996EDBBB8FF09701F000596E552B6150CB709559C7A2
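The QueryPerformanceCounter / Sleep / QueryPerformanceCounter chain above is the classic sleep-skipping check that the "Found API chain indicative of sandbox detection" signature refers to: time a Sleep with a high-resolution clock and treat a sleep that returns far too early as evidence of an analysis hook. The block below reproduces that logic in portable Python as an added example (it is not code from the sample); time.perf_counter stands in for QueryPerformanceCounter (it already returns seconds, so the QueryPerformanceFrequency division is not needed) and time.sleep for Sleep. The SkewedClock class is a constructed stand-in for a sandbox that skips sleeps but keeps its clock consistent, to show why hooking Sleep alone is detectable.

```python
"""Sleep-skipping detection, the logic behind the QueryPerformanceCounter / Sleep /
QueryPerformanceCounter chain, rewritten in portable Python.

Added example, not code from the analysed sample.  time.perf_counter() stands in for
QueryPerformanceCounter (seconds, so no QueryPerformanceFrequency division) and
time.sleep() stands in for Sleep.
"""
import time


def measure_sleep_ms(requested_ms, sleep_fn=time.sleep, clock=time.perf_counter):
    """Time a sleep with a high-resolution clock and return the elapsed milliseconds."""
    start = clock()
    sleep_fn(requested_ms / 1000.0)
    return (clock() - start) * 1000.0


def sleep_was_skipped(requested_ms, sleep_fn=time.sleep, clock=time.perf_counter,
                      tolerance=0.5):
    """The check itself: a sleep that returns in less than `tolerance` of the requested
    time was almost certainly patched out by an analysis hook.  A genuine Sleep() only
    ever oversleeps (scheduler granularity); it never returns in half the time."""
    elapsed = measure_sleep_ms(requested_ms, sleep_fn, clock)
    return elapsed < requested_ms * tolerance


class SkewedClock:
    """Constructed stand-in for a sandbox that skips sleeps AND advances every clock
    source it exposes by the skipped amount.  Against such a sandbox the check above
    passes, which is why hooking Sleep alone is not enough for an analysis environment."""

    def __init__(self):
        self.offset = 0.0

    def now(self):
        return time.perf_counter() + self.offset

    def sleep(self, seconds):
        # Do not wait; pretend the time passed by moving the clock forward instead.
        self.offset += seconds


if __name__ == "__main__":
    print("real sleep flagged:", sleep_was_skipped(20))                          # False
    print("naive skip flagged:", sleep_was_skipped(20, sleep_fn=lambda s: None))  # True
    clk = SkewedClock()
    print("skewed sandbox flagged:",
          sleep_was_skipped(20, sleep_fn=clk.sleep, clock=clk.now))              # False
```

The tolerance is deliberately loose: the goal of the sample's check is to catch a Sleep that was turned into a no-op, not to measure scheduler jitter, so anything under half the requested interval is a confident signal. Note that the sample's chain also calls Sleep a second time (ref 00BBE9F3) after the comparison, consistent with a delay that is only honoured once the environment looks genuine.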
                                                        APIs
                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BB1114
                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB1120
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB112F
                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BB0B9B,?,?,?), ref: 00BB1136
                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BB114D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 842720411-0
                                                        • Opcode ID: 15fa3c3f3e15232308525f3be68d762fa90b59c44f13472ca32ecde469630978
                                                        • Instruction ID: 7ed07c14ebcca77e55e80d2d06b3df9c016d8e2aaf9bb30e3dcb6a5f0af79b01
                                                        • Opcode Fuzzy Hash: 15fa3c3f3e15232308525f3be68d762fa90b59c44f13472ca32ecde469630978
                                                        • Instruction Fuzzy Hash: 7C018175100205BFDB114F68DC89EAA3FAEEF86360B200458FA41D7350DF71DC018A60
                                                        APIs
                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00BB0FCA
                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00BB0FD6
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00BB0FE5
                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00BB0FEC
                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00BB1002
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 44706859-0
                                                        • Opcode ID: 7908c9557af3d91b77dabf615b4a428fe6ecbc143173aabb21cf8a8251e760a6
                                                        • Instruction ID: f5f62176a1bee79984be034ea3ba21eb580849f0ad143a59e4d54321f88ca463
                                                        • Opcode Fuzzy Hash: 7908c9557af3d91b77dabf615b4a428fe6ecbc143173aabb21cf8a8251e760a6
                                                        • Instruction Fuzzy Hash: A6F0A935200345AFDB211FA89C9DFA63FADEF8A762FA00814FE05DB251CE70DC418A60
                                                        APIs
                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 00BB102A
                                                        • GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00BB1036
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00BB1045
                                                        • HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 00BB104C
                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00BB1062
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 44706859-0
                                                        • Opcode ID: 8ae45432b415fd948f4c17b5008d913f3ee053ad44bef2327bbee659cbc5693c
                                                        • Instruction ID: 25e757f903f8c6db2a757fa68f8fdcaa3c514cc720e270d4b2fec17b650a9b49
                                                        • Opcode Fuzzy Hash: 8ae45432b415fd948f4c17b5008d913f3ee053ad44bef2327bbee659cbc5693c
                                                        • Instruction Fuzzy Hash: 4CF06D35200341EBDB216FA8EC99FA63FADEF8A761F600814FE45DB251CE70D8418A60
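The two GetTokenInformation functions above (information class 2, TokenGroups, and class 3, TokenPrivileges in TOKEN_INFORMATION_CLASS) and the GetUserObjectSecurity function before them share the standard two-call idiom: call once with a zero-length buffer, take ERROR_INSUFFICIENT_BUFFER from GetLastError together with the required size, HeapAlloc that many bytes, call again. What the second call fills in for class 3 is a TOKEN_PRIVILEGES blob, which is also what a memory dump of that heap allocation contains. The decoder below is an added example, not code from the sample or from AutoIt: it parses the public winnt.h layout, reports which privileges are enabled (the report flags "Enables debug privileges" for this sample) and rejects a buffer shorter than its PrivilegeCount implies, which is exactly the state the undersized first call leaves behind. The sample buffer is constructed here; the LUID values are the well-known constants from ntseapi.h.

```python
"""TOKEN_PRIVILEGES decoder for the buffer GetTokenInformation(hToken, 3 /*TokenPrivileges*/)
fills on its second call.

Added example, not code from the sample.  Layout per winnt.h: DWORD PrivilegeCount followed
by PrivilegeCount LUID_AND_ATTRIBUTES entries of {LUID.LowPart DWORD, LUID.HighPart LONG,
Attributes DWORD}, 12 bytes each, little-endian.
"""
import struct

SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
SE_PRIVILEGE_ENABLED = 0x00000002
SE_PRIVILEGE_REMOVED = 0x00000004
SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000

# Well-known privilege LUIDs from ntseapi.h (HighPart is 0 for all of them).
PRIVILEGE_NAMES = {
    5: "SeIncreaseQuotaPrivilege", 8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege", 12: "SeSystemtimePrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege", 20: "SeDebugPrivilege",
    22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 28: "SeManageVolumePrivilege",
    29: "SeImpersonatePrivilege", 30: "SeCreateGlobalPrivilege",
}
HEADER = struct.Struct("<I")
ENTRY = struct.Struct("<IiI")


def required_size(privilege_count):
    """ReturnLength GetTokenInformation reports for this many entries.  The first call
    in the listing passes a 0-byte buffer, fails with ERROR_INSUFFICIENT_BUFFER and
    yields this value; HeapAlloc uses it and the second call fills the buffer."""
    return HEADER.size + ENTRY.size * privilege_count


def parse_token_privileges(buf):
    """Decode a TOKEN_PRIVILEGES blob into one dict per privilege.  Raises ValueError
    when the buffer is shorter than PrivilegeCount implies (truncated dump, or the
    buffer from the undersized first call)."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer too short for PrivilegeCount")
    (count,) = HEADER.unpack_from(buf, 0)
    if len(buf) < required_size(count):
        raise ValueError(f"buffer has {len(buf)} bytes, {required_size(count)} needed")
    entries = []
    for i in range(count):
        low, high, attrs = ENTRY.unpack_from(buf, HEADER.size + ENTRY.size * i)
        name = PRIVILEGE_NAMES.get(low) if high == 0 else None
        entries.append({
            "luid": (high, low),
            "name": name or f"LUID({high:#x}:{low:#x})",
            "enabled": bool(attrs & SE_PRIVILEGE_ENABLED),
            "enabled_by_default": bool(attrs & SE_PRIVILEGE_ENABLED_BY_DEFAULT),
            "removed": bool(attrs & SE_PRIVILEGE_REMOVED),
            "attributes": attrs,
        })
    return entries


def enabled_privileges(buf):
    """Names of the privileges currently enabled in the token."""
    return {e["name"] for e in parse_token_privileges(buf) if e["enabled"]}


def build_token_privileges(entries):
    """Encoder used only to construct sample input: entries are (LowPart, HighPart, Attributes)."""
    out = HEADER.pack(len(entries))
    for low, high, attrs in entries:
        out += ENTRY.pack(low, high, attrs)
    return out


# Constructed sample: an elevated token in which the process has just enabled
# SeDebugPrivilege, the "Enables debug privileges" behaviour flagged for this sample.
SAMPLE_TOKEN_PRIVILEGES = build_token_privileges([
    (23, 0, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED),  # SeChangeNotifyPrivilege
    (19, 0, 0),                                                      # SeShutdownPrivilege, disabled
    (20, 0, SE_PRIVILEGE_ENABLED),                                   # SeDebugPrivilege, enabled
])

if __name__ == "__main__":
    for e in parse_token_privileges(SAMPLE_TOKEN_PRIVILEGES):
        print(f"{e['name']:32} enabled={e['enabled']} attrs={e['attributes']:#010x}")
```

When carving this structure out of a process dump, the PrivilegeCount check is the one that matters: a heap block that was allocated from the first call's ReturnLength is exactly required_size(count) bytes long, so any shorter candidate is not a complete TOKEN_PRIVILEGES and must not be trusted.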
                                                        APIs
                                                        • CloseHandle.KERNEL32(?,?,?,?,00BC017D,?,00BC32FC,?,00000001,00B92592,?), ref: 00BC0324
                                                        • CloseHandle.KERNEL32(?,?,?,?,00BC017D,?,00BC32FC,?,00000001,00B92592,?), ref: 00BC0331
                                                        • CloseHandle.KERNEL32(?,?,?,?,00BC017D,?,00BC32FC,?,00000001,00B92592,?), ref: 00BC033E
                                                        • CloseHandle.KERNEL32(?,?,?,?,00BC017D,?,00BC32FC,?,00000001,00B92592,?), ref: 00BC034B
                                                        • CloseHandle.KERNEL32(?,?,?,?,00BC017D,?,00BC32FC,?,00000001,00B92592,?), ref: 00BC0358
                                                        • CloseHandle.KERNEL32(?,?,?,?,00BC017D,?,00BC32FC,?,00000001,00B92592,?), ref: 00BC0365
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: 2a206c2e258dc59985c0edbebbc2da371a69076ac6312461f0dd5f5f4fd03eb1
                                                        • Instruction ID: 2952c8c4070ca66ba6052cfdd728f6e44f7fcd925ae4a31e669e9ab97a66e59f
                                                        • Opcode Fuzzy Hash: 2a206c2e258dc59985c0edbebbc2da371a69076ac6312461f0dd5f5f4fd03eb1
                                                        • Instruction Fuzzy Hash: B601D872800B81CFCB30AF66D880802FBF9FFA02153048A3ED19252931C3B0A989CE84
                                                        APIs
                                                        • _free.LIBCMT ref: 00B8D752
                                                          • Part of subcall function 00B829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000), ref: 00B829DE
                                                          • Part of subcall function 00B829C8: GetLastError.KERNEL32(00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000,00000000), ref: 00B829F0
                                                        • _free.LIBCMT ref: 00B8D764
                                                        • _free.LIBCMT ref: 00B8D776
                                                        • _free.LIBCMT ref: 00B8D788
                                                        • _free.LIBCMT ref: 00B8D79A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: ac34478de7ed283637d88473be79da1deec76b127853ad6daf19183544ddc782
                                                        • Instruction ID: b8b4b89dde8b92acb34afc46e9725ee575fc9205a9bc56d13e3ece111e3db8ae
                                                        • Opcode Fuzzy Hash: ac34478de7ed283637d88473be79da1deec76b127853ad6daf19183544ddc782
                                                        • Instruction Fuzzy Hash: 4EF09632540204ABC621FB68F9C1E5A77EDFB05320B954C96F048D76A1CB34FC80C764
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00BB5C58
                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00BB5C6F
                                                        • MessageBeep.USER32(00000000), ref: 00BB5C87
                                                        • KillTimer.USER32(?,0000040A), ref: 00BB5CA3
                                                        • EndDialog.USER32(?,00000001), ref: 00BB5CBD
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                        • String ID:
                                                        • API String ID: 3741023627-0
                                                        • Opcode ID: 861e83786d354024e4588c97be08ea2b174c74d918cfdb5488e48c222beb4909
                                                        • Instruction ID: 4bfa19840b1b58dd6dcfade54c8b6a4ffc5332d7a8a640f7781b0b3b772bd08e
                                                        • Opcode Fuzzy Hash: 861e83786d354024e4588c97be08ea2b174c74d918cfdb5488e48c222beb4909
                                                        • Instruction Fuzzy Hash: 7B016230500B44AFEB305B10DD8EFF67FF9FF00B05F001599A582A60E1DBF0A9858A91
                                                        APIs
                                                        • _free.LIBCMT ref: 00B822BE
                                                          • Part of subcall function 00B829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000), ref: 00B829DE
                                                          • Part of subcall function 00B829C8: GetLastError.KERNEL32(00000000,?,00B8D7D1,00000000,00000000,00000000,00000000,?,00B8D7F8,00000000,00000007,00000000,?,00B8DBF5,00000000,00000000), ref: 00B829F0
                                                        • _free.LIBCMT ref: 00B822D0
                                                        • _free.LIBCMT ref: 00B822E3
                                                        • _free.LIBCMT ref: 00B822F4
                                                        • _free.LIBCMT ref: 00B82305
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 21013e86b4014fd915ad2f9b56c0d4dc4803d0d13bb799abae07b6b724b02e24
                                                        • Instruction ID: 7239c96c64c3a09b8add7165762422b717908d2227ad4d8d1d2750d4a05f7d53
                                                        • Opcode Fuzzy Hash: 21013e86b4014fd915ad2f9b56c0d4dc4803d0d13bb799abae07b6b724b02e24
                                                        • Instruction Fuzzy Hash: 56F05E708A01208B8A32BF94BC81B4C3BE4F729760716059BF810D67B2C7341853EFE4
                                                        APIs
                                                        • EndPath.GDI32(?), ref: 00B695D4
                                                        • StrokeAndFillPath.GDI32(?,?,00BA71F7,00000000,?,?,?), ref: 00B695F0
                                                        • SelectObject.GDI32(?,00000000), ref: 00B69603
                                                        • DeleteObject.GDI32 ref: 00B69616
                                                        • StrokePath.GDI32(?), ref: 00B69631
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                        • String ID:
                                                        • API String ID: 2625713937-0
                                                        • Opcode ID: fac60c472b24f65d3ce7e83776656c7336fe08cb33f627791496025cc9e5d9ad
                                                        • Instruction ID: 95d38bac18cffb8a21f5ab3a96668ffb71d010182308be8f7ee6f0639002acbd
                                                        • Opcode Fuzzy Hash: fac60c472b24f65d3ce7e83776656c7336fe08cb33f627791496025cc9e5d9ad
                                                        • Instruction Fuzzy Hash: 85F0CD31015388DBD7266F65ED58B683FA5F721322F088254F8655A4F1CB344597DF21
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: __freea$_free
                                                        • String ID: a/p$am/pm
                                                        • API String ID: 3432400110-3206640213
                                                        • Opcode ID: 12ab0b40a0f959cd47fa6b0b35ff645d858a1f9602f0c7cb21bb4704ad5f48e4
                                                        • Instruction ID: f122b3079abe49dcb88e463e7942f9352e08bf3b8cbf60fd45b79a71c59b8bb2
                                                        • Opcode Fuzzy Hash: 12ab0b40a0f959cd47fa6b0b35ff645d858a1f9602f0c7cb21bb4704ad5f48e4
                                                        • Instruction Fuzzy Hash: 65D1F531902206EACB24BF6CC895BFAB7F8EF06700F1449D9E505AB670D3759D82CB65
                                                        APIs
                                                          • Part of subcall function 00B70242: EnterCriticalSection.KERNEL32(00C2070C,00C21884,?,?,00B6198B,00C22518,?,?,?,00B512F9,00000000), ref: 00B7024D
                                                          • Part of subcall function 00B70242: LeaveCriticalSection.KERNEL32(00C2070C,?,00B6198B,00C22518,?,?,?,00B512F9,00000000), ref: 00B7028A
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00B700A3: __onexit.LIBCMT ref: 00B700A9
                                                        • __Init_thread_footer.LIBCMT ref: 00BD7BFB
                                                          • Part of subcall function 00B701F8: EnterCriticalSection.KERNEL32(00C2070C,?,?,00B68747,00C22514), ref: 00B70202
                                                          • Part of subcall function 00B701F8: LeaveCriticalSection.KERNEL32(00C2070C,?,00B68747,00C22514), ref: 00B70235
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                        • String ID: 5$G$Variable must be of type 'Object'.
                                                        • API String ID: 535116098-3733170431
                                                        • Opcode ID: b617e6a195f5046dab4f4952b7d9541bc8f8c8aca1c0af1334931528be7219d3
                                                        • Instruction ID: 6c886c2a3b0b3df3d2fe9c6483b6317005f4caa035bbd195524bea0cb1a21cdf
                                                        • Opcode Fuzzy Hash: b617e6a195f5046dab4f4952b7d9541bc8f8c8aca1c0af1334931528be7219d3
                                                        • Instruction Fuzzy Hash: 1E914A74A44209AFCB14EF54D8919EDB7F2EF49304F1480EAF8066B391EB71AE45CB51
                                                        APIs
                                                          • Part of subcall function 00BBB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BB21D0,?,?,00000034,00000800,?,00000034), ref: 00BBB42D
                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00BB2760
                                                          • Part of subcall function 00BBB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BB21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00BBB3F8
                                                          • Part of subcall function 00BBB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00BBB355
                                                          • Part of subcall function 00BBB32A: OpenProcess.KERNEL32(00000438(PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE),00000000,?,?,?,00BB2194,00000034,?,?,00001004,00000000,00000000), ref: 00BBB365
                                                          • Part of subcall function 00BBB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000(MEM_COMMIT),00000004(PAGE_READWRITE),?,?,00BB2194,00000034,?,?,00001004,00000000,00000000), ref: 00BBB37B
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BB27CD
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BB281A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                        • String ID: @
                                                        • API String ID: 4150878124-2766056989
                                                        • Opcode ID: f8e81ad1fccc2d97fdcce3eb2271c7d1d81572b2f76bf0fa8be122283e261baa
                                                        • Instruction ID: f8b06e6ba4c81879d8f8f1da8bcc3665154f835d89403e9cfb9615c5e6b047ee
                                                        • Opcode Fuzzy Hash: f8e81ad1fccc2d97fdcce3eb2271c7d1d81572b2f76bf0fa8be122283e261baa
                                                        • Instruction Fuzzy Hash: 4B41D876900218AFDB10DBA4CD85EEEBBB8EF09700F104099FA55B7191DBB16E45CBA1
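The entry above is the one place in this section where the remote-memory APIs appear together: GetWindowThreadProcessId, OpenProcess, VirtualAllocEx, WriteProcessMemory, SendMessageW and ReadProcessMemory, a chain that detection rules commonly treat as process injection. Decoding the literals in the listing says otherwise. 0x438 is PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION (no PROCESS_CREATE_THREAD); the remote allocation is MEM_COMMIT (0x1000) with PAGE_READWRITE (0x4), not an executable page; and the messages 0x1104 and 0x1111 are TVM_GETITEMRECT and TVM_HITTEST, whose lParam must point into the address space of the process that owns the tree view (the callers' stacks also carry 0x1004 LVM_GETITEMCOUNT and 0x1073 LVM_GETITEMTEXTW, the list-view equivalents). Placing a buffer in the target, sending the control message, then reading the buffer back is the only way to query a common control across a process boundary, and it is consistent with the control-access functions of the AutoIt runtime this report identifies; nothing here starts a remote thread. The Python below is an added triage aid, not code from the report, from Joe Sandbox or from AutoIt: it parses API lines in the report's own format, decodes the constants, and separates this idiom from an injection-like chain. The constant tables only cover values that occur on this page, the verdict rule is the editor's heuristic, and the second input is a constructed contrast case, not something observed in the sample.

```python
"""Decode a Joe Sandbox 'APIs' call chain and decide whether the remote-memory
calls look like a cross-process common-control query or like code injection.
Added triage helper; not part of the report or of the analysed sample."""
import re
from dataclasses import dataclass

# Documented Win32 constants, limited to the values that occur in the chain.
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
}
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
EXEC_PROTECT = {0x10, 0x20, 0x40, 0x80}            # the PAGE_EXECUTE* family
CONTROL_MESSAGES = {                               # LVM_FIRST = 0x1000, TV_FIRST = 0x1100
    0x1004: "LVM_GETITEMCOUNT", 0x1073: "LVM_GETITEMTEXTW",
    0x1104: "TVM_GETITEMRECT", 0x1111: "TVM_HITTEST",
}
REMOTE_EXEC_APIS = {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread",
                    "QueueUserAPC", "SetThreadContext"}

# One report line: '[Part of subcall function X:] Api.MODULE(args), ref: ADDR'
LINE_RE = re.compile(r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z_]\w*)"
                     r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})")


@dataclass
class Call:
    api: str
    module: str
    args: list      # int for 8-digit hex literals, None for '?' or string arguments
    ref: int
    subcall: bool   # True when Joe Sandbox attributes the call to a callee


def parse_api_lines(text):
    calls = []
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        arg_text = m.group("args") or ""
        tokens = [t.strip() for t in arg_text.split(",")] if arg_text else []
        args = [int(t, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", t) else None for t in tokens]
        calls.append(Call(m.group("api"), m.group("mod"), args,
                          int(m.group("ref"), 16), "subcall function" in raw))
    return calls


def decode_flags(value, table):
    """Expand a bit mask into names, keeping any undocumented remainder as hex."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    return names + ([f"0x{rest:X}"] if rest else [])


def classify_chain(calls):
    by_api = {}
    for c in calls:
        by_api.setdefault(c.api, []).append(c)
    out = {"access": [], "protect": None, "messages": [], "verdict": "indeterminate"}
    opens = by_api.get("OpenProcess", [])
    if opens and opens[0].args and opens[0].args[0] is not None:      # dwDesiredAccess
        out["access"] = decode_flags(opens[0].args[0], PROCESS_ACCESS)
    protect = None
    allocs = by_api.get("VirtualAllocEx", [])
    if allocs and len(allocs[0].args) > 4:
        protect = allocs[0].args[4]                                    # flProtect
        if protect is not None:
            out["protect"] = PAGE_PROTECT.get(protect, f"0x{protect:X}")
    for c in by_api.get("SendMessageW", []):
        if len(c.args) > 1 and c.args[1] in CONTROL_MESSAGES:          # uMsg
            out["messages"].append(CONTROL_MESSAGES[c.args[1]])
    remote_rw = {"WriteProcessMemory", "ReadProcessMemory"} <= set(by_api)
    # Heuristic (editor's, not Joe Sandbox's): executable remote memory or a remote
    # thread start is what separates injection from a buffer handed to SendMessage.
    if set(by_api) & REMOTE_EXEC_APIS or protect in EXEC_PROTECT:
        out["verdict"] = "injection-like"
    elif remote_rw and protect == 0x04 and out["messages"]:
        out["verdict"] = "cross-process control read"
    return out


# Lines copied from the report entry above.
REPORT_CHAIN = """
  Part of subcall function 00BBB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BB21D0,?,?,00000034,00000800,?,00000034), ref: 00BBB42D
SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00BB2760
  Part of subcall function 00BBB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BB21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00BBB3F8
  Part of subcall function 00BBB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00BBB355
  Part of subcall function 00BBB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00BB2194,00000034,?,?,00001004,00000000,00000000), ref: 00BBB365
  Part of subcall function 00BBB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00BB2194,00000034,?,?,00001004,00000000,00000000), ref: 00BBB37B
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BB27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BB281A
"""

# Constructed contrast case (not from the sample): RWX remote page plus a remote thread.
INJECTION_CHAIN = """
OpenProcess.KERNEL32(0000043A,00000000,?), ref: 00401000
VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 00401020
WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 00401040
CreateRemoteThread.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000), ref: 00401060
"""

if __name__ == "__main__":
    for label, chain in (("report", REPORT_CHAIN), ("constructed", INJECTION_CHAIN)):
        print(label, classify_chain(parse_api_lines(chain)))
```

Run it as-is to see both verdicts. Before trusting the verdict on a different sample, extend CONTROL_MESSAGES with the other LVM_/TVM_ values the report shows and check that the WriteProcessMemory size (0x800 here) matches a control item buffer rather than a code blob.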
                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00B81769
                                                        • _free.LIBCMT ref: 00B81834
                                                        • _free.LIBCMT ref: 00B8183E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free$FileModuleName
                                                        • String ID: C:\Users\user\Desktop\file.exe
                                                        • API String ID: 2506810119-3417719964
                                                        • Opcode ID: a6118ba96f222e91064a0a3a29a0795c39db901b4ae4f0d0ee7d011904241518
                                                        • Instruction ID: 6ade0b41ee5c906055bc1a7cbfba41c30dc079644fa85f89370c8a3e7d811f26
                                                        • Opcode Fuzzy Hash: a6118ba96f222e91064a0a3a29a0795c39db901b4ae4f0d0ee7d011904241518
                                                        • Instruction Fuzzy Hash: 2A3166B5A01218EBDB21EB999885D9EBBFCEB95710B1445EAF80497221D6704E42CB90
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00BBC306
                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 00BBC34C
                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00C21990,015DE9B8), ref: 00BBC395
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Menu$Delete$InfoItem
                                                        • String ID: 0
                                                        • API String ID: 135850232-4108050209
                                                        • Opcode ID: 22608904bf3a6a5731641869c437cb0541b67bbce042eabbb9912156d9ee4080
                                                        • Instruction ID: 876f9b5e008ac46b948522fd9cd5576a6bd9ba61323197ca65589a2da467e7f0
                                                        • Opcode Fuzzy Hash: 22608904bf3a6a5731641869c437cb0541b67bbce042eabbb9912156d9ee4080
                                                        • Instruction Fuzzy Hash: A1419F312043419FD720DF24D885FAABFE4EB85310F14869EF9A5972D2D7B0A904CB6A
                                                        APIs
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00BECC08,00000000,?,?,?,?), ref: 00BE44AA
                                                        • GetWindowLongW.USER32 ref: 00BE44C7
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BE44D7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$Long
                                                        • String ID: SysTreeView32
                                                        • API String ID: 847901565-1698111956
                                                        • Opcode ID: 81f93d51b6aae4b2e2474f9bb7fa0423490ce484d9e6d78d54bc7540083d6551
                                                        • Instruction ID: de13cf138977672634d983801a50012632e2f405d54417b6b96b1a6bd83644d8
                                                        • Opcode Fuzzy Hash: 81f93d51b6aae4b2e2474f9bb7fa0423490ce484d9e6d78d54bc7540083d6551
                                                        • Instruction Fuzzy Hash: 0E319C31210285AFDB208E39DC85BEA7BE9EB08334F204765F975A32E0DB70AC519750
                                                        APIs
                                                          • Part of subcall function 00BD335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00BD3077,?,?), ref: 00BD3378
                                                        • inet_addr.WSOCK32(?), ref: 00BD307A
                                                        • _wcslen.LIBCMT ref: 00BD309B
                                                        • htons.WSOCK32(00000000), ref: 00BD3106
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                        • String ID: 255.255.255.255
                                                        • API String ID: 946324512-2422070025
                                                        • Opcode ID: 35e39cdaa906b76b18b7e676ee4fe72a18b5af33ee60d870b7b551a2f94abecb
                                                        • Instruction ID: 94a94766ad5bb97e6eba1c0b78890cf5759ebab70d934cea16e6a3438fb617fe
                                                        • Opcode Fuzzy Hash: 35e39cdaa906b76b18b7e676ee4fe72a18b5af33ee60d870b7b551a2f94abecb
                                                        • Instruction Fuzzy Hash: 1231B2392002029FCB10CF68C585FA9B7E0EF14714F2880DAE9159B393EB72DE45C762
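The entry above pairs WideCharToMultiByte, inet_addr and htons with a single string, 255.255.255.255. That combination is the standard guard around inet_addr rather than a hard-coded destination: inet_addr signals a parse failure by returning INADDR_NONE (0xFFFFFFFF), which is also the encoding of the limited-broadcast address, so a caller that wants to distinguish "unparseable host" from "255.255.255.255" has to compare the input string against that literal. For triage, the string therefore points to an address-parsing helper behind a connect or bind (the htons on the port fits), not to broadcast traffic. The Python below is an added illustration, not code from the sample, from Joe Sandbox or from AutoIt; it reproduces inet_addr's return convention on top of the libc parser behind socket.inet_aton and shows the naive failure check rejecting the broadcast address while the guarded check accepts it. The function names are the editor's.

```python
"""Why '255.255.255.255' sits next to inet_addr() in the entry above: the guard a
correct caller needs. Added illustration, not code from the sample or from AutoIt."""
import socket

INADDR_NONE = 0xFFFFFFFF   # inet_addr()'s failure value, identical to the broadcast address


def inet_addr_like(text):
    """inet_addr()'s return convention on top of the libc parser behind
    socket.inet_aton(): the address as an integer (big-endian, so it reads
    like the dotted quad) or INADDR_NONE when the string does not parse."""
    try:
        return int.from_bytes(socket.inet_aton(text), "big")
    except OSError:
        return INADDR_NONE


def naive_resolve(text):
    """The tempting check: treats INADDR_NONE as failure, so the limited
    broadcast address 255.255.255.255 is wrongly reported as unparseable."""
    addr = inet_addr_like(text)
    return (addr != INADDR_NONE), addr


def guarded_resolve(text):
    """The idiom implied by the report's string: INADDR_NONE means failure
    unless the caller literally asked for 255.255.255.255."""
    addr = inet_addr_like(text)
    if addr == INADDR_NONE and text != "255.255.255.255":
        return False, None
    return True, addr


if __name__ == "__main__":
    for host in ("10.0.0.1", "255.255.255.255", "not.an.address"):
        print(host, naive_resolve(host), guarded_resolve(host))
```

The same guard is what to look for when a sample's own connect routine is reversed: an INADDR_NONE comparison without the string compare is a bug, and the string compare without a nearby inet_addr would be a real destination worth a second look.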
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00BE3F40
                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00BE3F54
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00BE3F78
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window
                                                        • String ID: SysMonthCal32
                                                        • API String ID: 2326795674-1439706946
                                                        • Opcode ID: 5496dcc8c6d8557f7cef0c1b556d0d358d101e2a0a9ebe781ed7e18d19f89dea
                                                        • Instruction ID: 860ba7717ab27cc74d9916e4a7ba4fbbc2c5f2fe783d46fcaaf6448e4dda3cf8
                                                        • Opcode Fuzzy Hash: 5496dcc8c6d8557f7cef0c1b556d0d358d101e2a0a9ebe781ed7e18d19f89dea
                                                        • Instruction Fuzzy Hash: 3E217C32610259BFDF218F91CC86FEA3BB5EF48714F110254FA156B1D0D6B1A9519B90
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00BE4705
                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00BE4713
                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00BE471A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$DestroyWindow
                                                        • String ID: msctls_updown32
                                                        • API String ID: 4014797782-2298589950
                                                        • Opcode ID: 36654f833fc58aa85f0444069bc879e6b5d490f4de3e6a9da04ce105659ac9fc
                                                        • Instruction ID: b26d214377bc0e8df37e57ea2cf02f32afc08d7607749367e55d8f9fb7fb9e8f
                                                        • Opcode Fuzzy Hash: 36654f833fc58aa85f0444069bc879e6b5d490f4de3e6a9da04ce105659ac9fc
                                                        • Instruction Fuzzy Hash: 98215EB5600248AFDB10DF65DCC1EAB37EDEF5A3A4B040099FA009B351CB30EC52CAA0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen
                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                        • API String ID: 176396367-2734436370
                                                        • Opcode ID: fe7556c3f55a79b14703f1a8f600e56c82313056b696d299748eaa33288bbed9
                                                        • Instruction ID: 76428af0b53fbcbe7b48fa19109aa18c6fca38d5b872fd04e180a09f5fb096aa
                                                        • Opcode Fuzzy Hash: fe7556c3f55a79b14703f1a8f600e56c82313056b696d299748eaa33288bbed9
                                                        • Instruction Fuzzy Hash: C921383224421167C331AA25DC42FFB73D8DF61300F1080E6FA5A97041EBD19D45C295
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00BE3840
                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00BE3850
                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00BE3876
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$MoveWindow
                                                        • String ID: Listbox
                                                        • API String ID: 3315199576-2633736733
                                                        • Opcode ID: cdf273b539b13e2ed37dfabae33aa14f318ab528e24fd4fc6cd6b18143fd506d
                                                        • Instruction ID: c56a61e86b9274c4dd328767756d0655b9710ed71cabc079356ba8274c19a0cb
                                                        • Opcode Fuzzy Hash: cdf273b539b13e2ed37dfabae33aa14f318ab528e24fd4fc6cd6b18143fd506d
                                                        • Instruction Fuzzy Hash: 8B218072610158BBEB218F56CC85FAB3BEAEF89B50F118164F9059B190CB71DD52C7A0
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BC4A08
                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00BC4A5C
                                                        • SetErrorMode.KERNEL32(00000000,?,?,00BECC08), ref: 00BC4AD0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$InformationVolume
                                                        • String ID: %lu
                                                        • API String ID: 2507767853-685833217
                                                        • Opcode ID: 07cd1beba27858b826beaf7524556ee3a6f422abd9a2d826be90ce310dad57cf
                                                        • Instruction ID: 108147121fbf0880b2abf5eab92748b17ca69e7722a09a2e0d418dc9c7e4d13b
                                                        • Opcode Fuzzy Hash: 07cd1beba27858b826beaf7524556ee3a6f422abd9a2d826be90ce310dad57cf
                                                        • Instruction Fuzzy Hash: 08312F75A00109AFDB10DF54C895EAA7BF8EF05304F1440E9F909DB262DB75EE46CB61
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00BE424F
                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00BE4264
                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00BE4271
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: msctls_trackbar32
                                                        • API String ID: 3850602802-1010561917
                                                        • Opcode ID: 3fa0c1f1c2f3c074b06c9b5c42645ddb537540d840332ae0cafdf0a444c7e37f
                                                        • Instruction ID: b5a9e7cdcb7a0c06416e5c753e15bf10e4ffa1d4ee4fe814938f2d4c6211304a
                                                        • Opcode Fuzzy Hash: 3fa0c1f1c2f3c074b06c9b5c42645ddb537540d840332ae0cafdf0a444c7e37f
                                                        • Instruction Fuzzy Hash: A911A331250288BEEF215E69CC46FAB3BECEF99B64F110524FA55E6090D771DC519B10
                                                        APIs
                                                          • Part of subcall function 00B56B57: _wcslen.LIBCMT ref: 00B56B6A
                                                          • Part of subcall function 00BB2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00BB2DC5
                                                          • Part of subcall function 00BB2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BB2DD6
                                                          • Part of subcall function 00BB2DA7: GetCurrentThreadId.KERNEL32 ref: 00BB2DDD
                                                          • Part of subcall function 00BB2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00BB2DE4
                                                        • GetFocus.USER32 ref: 00BB2F78
                                                          • Part of subcall function 00BB2DEE: GetParent.USER32(00000000), ref: 00BB2DF9
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00BB2FC3
                                                        • EnumChildWindows.USER32(?,00BB303B), ref: 00BB2FEB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                        • String ID: %s%d
                                                        • API String ID: 1272988791-1110647743
                                                        • Opcode ID: 596e69a128b02a62109cc8ca36610389a155656f55bd93e97c2da6d839c22428
                                                        • Instruction ID: f89474f9557a5f52f5a966998653d50eecc29339b2a2484e64e6935ae1eec29e
                                                        • Opcode Fuzzy Hash: 596e69a128b02a62109cc8ca36610389a155656f55bd93e97c2da6d839c22428
                                                        • Instruction Fuzzy Hash: 2F1190716002056BDF157F608CC6FFE37EAAF94304F4440B5BE099B252DEB4994A9B60
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00BE58C1
                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00BE58EE
                                                        • DrawMenuBar.USER32(?), ref: 00BE58FD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Menu$InfoItem$Draw
                                                        • String ID: 0
                                                        • API String ID: 3227129158-4108050209
                                                        • Opcode ID: f50929b4590ade62ed608b220e15bc5c8e34be5d062010ffdca66153026f8541
                                                        • Instruction ID: 2d6efcd652640c3f06d01f6b5454eef926fa792deb026d0c60d037e8ec785d4f
                                                        • Opcode Fuzzy Hash: f50929b4590ade62ed608b220e15bc5c8e34be5d062010ffdca66153026f8541
                                                        • Instruction Fuzzy Hash: A8015B35500299EEDB219F12EC85BAEBFF4FB45364F1080D9E949DA252DB308A94DF21
                                                        APIs
                                                        • GetProcAddress.KERNEL32(9C15FF00,GetSystemWow64DirectoryW), ref: 00BAD3BF
                                                        • FreeLibrary.KERNEL32(9C15FF00), ref: 00BAD3E5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: AddressFreeLibraryProc
                                                        • String ID: GetSystemWow64DirectoryW$X64
                                                        • API String ID: 3013587201-2590602151
                                                        • Opcode ID: 25424abfbf19476015aa79d74aba9b30145fa9266b9eb6df3912d5085db1972e
                                                        • Instruction ID: c47cc44f3338feed3d1404e544c2170afd28026602f828983c9b4e20369692af
                                                        • Opcode Fuzzy Hash: 25424abfbf19476015aa79d74aba9b30145fa9266b9eb6df3912d5085db1972e
                                                        • Instruction Fuzzy Hash: C3F0552680CB118BDB305210CC88B6D37E4FF23701B9982C9F013F28A4DB60CC49C68A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7765fb45115511e93faa65361cde5b147b35d94e648040b834cd0276bab1915
                                                        • Instruction ID: 3673f306a2971274f6e8c98aa8d2e35721bcf323d291b120e716ab483d423816
                                                        • Opcode Fuzzy Hash: f7765fb45115511e93faa65361cde5b147b35d94e648040b834cd0276bab1915
                                                        • Instruction Fuzzy Hash: 14C13875A1020AAFDB14DFA8C898ABEB7F5FF48304F208598E505EB251D7B1ED41CB94
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: __alldvrm$_strrchr
                                                        • String ID:
                                                        • API String ID: 1036877536-0
                                                        • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                        • Instruction ID: 7fd4dd62d65b0dfb75ee94d54a92c6c093cd9b0b1edf3f5927d65d2ae8820888
                                                        • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                        • Instruction Fuzzy Hash: 9FA12571A003879FDB15EF18C8917AABFE5EF61350F1841EDE6959B2A2C7388941C790
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInitInitializeUninitialize
                                                        • String ID:
                                                        • API String ID: 1998397398-0
                                                        • Opcode ID: 69f81b029acb431aa822bbad7fd532a35ca331d05818bfbef1ef501d4b2f2fe9
                                                        • Instruction ID: e22b472cb02580457648569ff6d647da5e27f5a806090913105f4b94a880e324
                                                        • Opcode Fuzzy Hash: 69f81b029acb431aa822bbad7fd532a35ca331d05818bfbef1ef501d4b2f2fe9
                                                        • Instruction Fuzzy Hash: 33A14C756143009FC700DF28D495A2AB7E5FF88715F04889EF98A9B362EB30ED05CB52
                                                        APIs
                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00BEFC08,?), ref: 00BB05F0
                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00BEFC08,?), ref: 00BB0608
                                                        • CLSIDFromProgID.OLE32(?,?,00000000,00BECC40,000000FF,?,00000000,00000800,00000000,?,00BEFC08,?), ref: 00BB062D
                                                        • _memcmp.LIBVCRUNTIME ref: 00BB064E
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FromProg$FreeTask_memcmp
                                                        • String ID:
                                                        • API String ID: 314563124-0
                                                        • Opcode ID: 4712bd25b93282d2534d52b2ee0fc912774bfd7af30f26af3c78a414755a9e65
                                                        • Instruction ID: 88d0e0fabf0265eea3b6ed3f64253327edba18f0b9e9feb2b0f0c8e794af74dd
                                                        • Opcode Fuzzy Hash: 4712bd25b93282d2534d52b2ee0fc912774bfd7af30f26af3c78a414755a9e65
                                                        • Instruction Fuzzy Hash: 6A81E771A10109EFCB04DF98C984EFEB7F9FF89315B204598E516AB250DB71AE06CB60
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _free
                                                        • String ID:
                                                        • API String ID: 269201875-0
                                                        • Opcode ID: e36ef95756fcf0bc80cee15255057f65c8b9570587214bacc7f687fcb49be877
                                                        • Instruction ID: cfd908346ddb88e633b84f25abb7dbf185d2a69e4f4b39610e432910bd3fdc85
                                                        • Opcode Fuzzy Hash: e36ef95756fcf0bc80cee15255057f65c8b9570587214bacc7f687fcb49be877
                                                        • Instruction Fuzzy Hash: D3410D35600103ABDF217BBD9C856BE3AE4EF45370F258AF5F429D6392D6348841BB62
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00BE62E2
                                                        • ScreenToClient.USER32(?,?), ref: 00BE6315
                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00BE6382
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$ClientMoveRectScreen
                                                        • String ID:
                                                        • API String ID: 3880355969-0
                                                        • Opcode ID: a74422debd8c9c55708f7727e89b3e74453fa94dcd280c7593fb4c99151eb295
                                                        • Instruction ID: a91830235644373b207e21f1fbd9e1a33c5f7daa61414794d3505b569c420437
                                                        • Opcode Fuzzy Hash: a74422debd8c9c55708f7727e89b3e74453fa94dcd280c7593fb4c99151eb295
                                                        • Instruction Fuzzy Hash: FD512D74900289AFDF24DF59D880AAE7BF6FF653A0F148299F9159B290D730ED81CB50
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00BD1AFD
                                                        • WSAGetLastError.WSOCK32 ref: 00BD1B0B
                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00BD1B8A
                                                        • WSAGetLastError.WSOCK32 ref: 00BD1B94
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$socket
                                                        • String ID:
                                                        • API String ID: 1881357543-0
                                                        • Opcode ID: 48675e21e0987861d4d436355c6ba0809c907b75d0de9449030871f91ecac467
                                                        • Instruction ID: 9c4fa1edc5ac5f35c0907040107b6d10c1801f9434c12be1f13548dd9507a3f7
                                                        • Opcode Fuzzy Hash: 48675e21e0987861d4d436355c6ba0809c907b75d0de9449030871f91ecac467
                                                        • Instruction Fuzzy Hash: 60418234640200AFE720AF24D886F2677E5EB44718F5484DDF9599F3D2EB72ED468B90
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e8c06ce26652f5dfad1068c0cae04a53b5e2e8cc165ec72dde4e71d02d66b83d
                                                        • Instruction ID: fe96600609817016f60a48ea0da3f87e2035df12a3deac803df1e09809a0d74b
                                                        • Opcode Fuzzy Hash: e8c06ce26652f5dfad1068c0cae04a53b5e2e8cc165ec72dde4e71d02d66b83d
                                                        • Instruction Fuzzy Hash: 57410875A00704AFD724AF38CC42FAABBE9EB84710F1085AEF556DB3A2D7719901C790
                                                        APIs
                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00BC5783
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00BC57A9
                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00BC57CE
                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00BC57FA
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                        • String ID:
                                                        • API String ID: 3321077145-0
                                                        • Opcode ID: 331e146afc52ed2c7a843faeaca93a9512a8397beff326c493c1727c253c51f0
                                                        • Instruction ID: 9e8f3ba4e31f4c9e681114b41e12945a8f16ef368d4beb034ac9ad0c2faa7c32
                                                        • Opcode Fuzzy Hash: 331e146afc52ed2c7a843faeaca93a9512a8397beff326c493c1727c253c51f0
                                                        • Instruction Fuzzy Hash: 85412B39600610DFCB21DF15D494A5EBBE2EF99321B1984C8EC4AAB362DB34FD45CB91
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00B76D71,00000000,00000000,00B782D9,?,00B782D9,?,00000001,00B76D71,8BE85006,00000001,00B782D9,00B782D9), ref: 00B8D910
                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B8D999
                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00B8D9AB
                                                        • __freea.LIBCMT ref: 00B8D9B4
                                                          • Part of subcall function 00B83820: RtlAllocateHeap.NTDLL(00000000,?,00C21444,?,00B6FDF5,?,?,00B5A976,00000010,00C21440,00B513FC,?,00B513C6,?,00B51129), ref: 00B83852
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                        • String ID:
                                                        • API String ID: 2652629310-0
                                                        • Opcode ID: c79f2e65861f1186b0007cc7e04d59bea7951346844a604844a5b1119107f1e2
                                                        • Instruction ID: cb0898de50d3b79abefc329044889df274e1e1fc44d64eaa3907084596b9e22d
                                                        • Opcode Fuzzy Hash: c79f2e65861f1186b0007cc7e04d59bea7951346844a604844a5b1119107f1e2
                                                        • Instruction Fuzzy Hash: 1131C372A0021AABDF25EF65DC85EAE7BE5EB41710F0542A9FC08D71A0EB35CD51CB90
                                                        APIs
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00BE5352
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE5375
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BE5382
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00BE53A8
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LongWindow$InvalidateMessageRectSend
                                                        • String ID:
                                                        • API String ID: 3340791633-0
                                                        APIs
                                                        • GetKeyboardState.USER32(?,7707C0D0,?,00008000), ref: 00BBABF1
                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00BBAC0D
                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 00BBAC74
                                                        • SendInput.USER32(00000001,?,0000001C,7707C0D0,?,00008000), ref: 00BBACC6
                                                        Similarity
                                                        • API ID: KeyboardState$InputMessagePostSend
                                                        • String ID:
                                                        • API String ID: 432972143-0
                                                        APIs
                                                        • ClientToScreen.USER32(?,?), ref: 00BE769A
                                                        • GetWindowRect.USER32(?,?), ref: 00BE7710
                                                        • PtInRect.USER32(?,?,00BE8B89), ref: 00BE7720
                                                        • MessageBeep.USER32(00000000), ref: 00BE778C
                                                        Similarity
                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                        • String ID:
                                                        • API String ID: 1352109105-0
                                                        APIs
                                                        • GetForegroundWindow.USER32 ref: 00BE16EB
                                                          • Part of subcall function 00BB3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BB3A57
                                                          • Part of subcall function 00BB3A3D: GetCurrentThreadId.KERNEL32 ref: 00BB3A5E
                                                          • Part of subcall function 00BB3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BB25B3), ref: 00BB3A65
                                                        • GetCaretPos.USER32(?), ref: 00BE16FF
                                                        • ClientToScreen.USER32(00000000,?), ref: 00BE174C
                                                        • GetForegroundWindow.USER32 ref: 00BE1752
                                                        Similarity
                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                        • String ID:
                                                        • API String ID: 2759813231-0
                                                        APIs
                                                          • Part of subcall function 00B57620: _wcslen.LIBCMT ref: 00B57625
                                                        • _wcslen.LIBCMT ref: 00BBDFCB
                                                        • _wcslen.LIBCMT ref: 00BBDFE2
                                                        • _wcslen.LIBCMT ref: 00BBE00D
                                                        • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00BBE018
                                                        Similarity
                                                        • API ID: _wcslen$ExtentPoint32Text
                                                        • String ID:
                                                        • API String ID: 3763101759-0
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00BBD501
                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00BBD50F
                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00BBD52F
                                                        • CloseHandle.KERNEL32(00000000), ref: 00BBD5DC
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 420147892-0
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • GetCursorPos.USER32(?), ref: 00BE9001
                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00BA7711,?,?,?,?,?), ref: 00BE9016
                                                        • GetCursorPos.USER32(?), ref: 00BE905E
                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00BA7711,?,?,?), ref: 00BE9094
                                                        Similarity
                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                        • String ID:
                                                        • API String ID: 2864067406-0
                                                        APIs
                                                        • GetFileAttributesW.KERNEL32(?,00BECB68), ref: 00BBD2FB
                                                        • GetLastError.KERNEL32 ref: 00BBD30A
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BBD319
                                                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00BECB68), ref: 00BBD376
                                                        Similarity
                                                        • API ID: CreateDirectory$AttributesErrorFileLast
                                                        • String ID:
                                                        • API String ID: 2267087916-0
                                                        APIs
                                                          • Part of subcall function 00BB1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00BB102A
                                                          • Part of subcall function 00BB1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00BB1036
                                                          • Part of subcall function 00BB1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BB1045
                                                          • Part of subcall function 00BB1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00BB104C
                                                          • Part of subcall function 00BB1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BB1062
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00BB15BE
                                                        • _memcmp.LIBVCRUNTIME ref: 00BB15E1
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BB1617
                                                        • HeapFree.KERNEL32(00000000), ref: 00BB161E
                                                        Similarity
                                                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                        • String ID:
                                                        • API String ID: 1592001646-0
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00BE280A
                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BE2824
                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BE2832
                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00BE2840
                                                        Similarity
                                                        • API ID: Window$Long$AttributesLayered
                                                        • String ID:
                                                        • API String ID: 2169480361-0
                                                        APIs
                                                          • Part of subcall function 00BB8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00BB790A,?,000000FF,?,00BB8754,00000000,?,0000001C,?,?), ref: 00BB8D8C
                                                          • Part of subcall function 00BB8D7D: lstrcpyW.KERNEL32(00000000,?,?,00BB790A,?,000000FF,?,00BB8754,00000000,?,0000001C,?,?,00000000), ref: 00BB8DB2
                                                          • Part of subcall function 00BB8D7D: lstrcmpiW.KERNEL32(00000000,?,00BB790A,?,000000FF,?,00BB8754,00000000,?,0000001C,?,?), ref: 00BB8DE3
                                                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00BB8754,00000000,?,0000001C,?,?,00000000), ref: 00BB7923
                                                        • lstrcpyW.KERNEL32(00000000,?,?,00BB8754,00000000,?,0000001C,?,?,00000000), ref: 00BB7949
                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00BB8754,00000000,?,0000001C,?,?,00000000), ref: 00BB7984
                                                        Strings
                                                        Similarity
                                                        • API ID: lstrcmpilstrcpylstrlen
                                                        • String ID: cdecl
                                                        • API String ID: 4031866154-3896280584
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BE7D0B
                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00BE7D2A
                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00BE7D42
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00BCB7AD,00000000), ref: 00BE7D6B
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        Similarity
                                                        • API ID: Window$Long
                                                        • String ID:
                                                        • API String ID: 847901565-0
                                                        • Opcode ID: d17e3eeb3a3ce394fc63a38d0c8c8bf2c9d8301f890134f747594a3139241b9b
                                                        • Instruction ID: 290edfa891287e9ae0d74964ca13d4ee509e63b47e316ebb664199daf0e4ec18
                                                        • Opcode Fuzzy Hash: d17e3eeb3a3ce394fc63a38d0c8c8bf2c9d8301f890134f747594a3139241b9b
                                                        • Instruction Fuzzy Hash: 5011AE71114694AFCB109F29CC44A7A3BE4EF45360B258364FC35CB2E0DB308951CB40
                                                        APIs
                                                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 00BE56BB
                                                        • _wcslen.LIBCMT ref: 00BE56CD
                                                        • _wcslen.LIBCMT ref: 00BE56D8
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00BE5816
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend_wcslen
                                                        • String ID:
                                                        • API String ID: 455545452-0
                                                        • Opcode ID: 3c17f211d4e2af4085f3a0deab693bd500da4caeca87f7710f4e6fdfcd524f81
                                                        • Instruction ID: 5187d56f1ee1da38b3d68480a062f8994881259f085320dcb298dc78f3b0f849
                                                        • Opcode Fuzzy Hash: 3c17f211d4e2af4085f3a0deab693bd500da4caeca87f7710f4e6fdfcd524f81
                                                        • Instruction Fuzzy Hash: DB11D3756006999ADF309F62CCC5AEE77FCEF10768F1080A6F915D6181EB70DA80CB60
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac709e1ec0296fb2ab9aee439007c807a76c9edf380397d37398763f2ac2580e
                                                        • Instruction ID: deeca964313f57bea74abcf81ef890c848b23fea0dac292fff873888bd76d24a
                                                        • Opcode Fuzzy Hash: ac709e1ec0296fb2ab9aee439007c807a76c9edf380397d37398763f2ac2580e
                                                        • Instruction Fuzzy Hash: 91017CB2206616BEE621367C6CC0F27669CDF413B8B310BB5F531A11E2DB608C028370
                                                        APIs
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00BB1A47
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BB1A59
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BB1A6F
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BB1A8A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: d2ab3628c9b74c8e97d1cad372bc39f9559a6299f2497b38b18cd35888da444e
                                                        • Instruction ID: 880c5b8bdbbd14776d16b3ba7eb636c64d17017e8071237fc1d842a12aca4a12
                                                        • Opcode Fuzzy Hash: d2ab3628c9b74c8e97d1cad372bc39f9559a6299f2497b38b18cd35888da444e
                                                        • Instruction Fuzzy Hash: 1B112A3A901219FFEB109BA8C985FEDBBB8EB04750F200491EA10B7290D6B16E50DB94
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00BBE1FD
                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00BBE230
                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00BBE246
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00BBE24D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                        • String ID:
                                                        • API String ID: 2880819207-0
                                                        • Opcode ID: 41120fac0a6b6bdc5588f0c8907face8c8eb4a79f1b543ff3994f94d33da2f3b
                                                        • Instruction ID: a25a2d914433493fe81a6b138495d6c37c27e22de63654c5b40801705fa38c5c
                                                        • Opcode Fuzzy Hash: 41120fac0a6b6bdc5588f0c8907face8c8eb4a79f1b543ff3994f94d33da2f3b
                                                        • Instruction Fuzzy Hash: DC110472904254BFC711DBA8DC49BEE7FEDEB45320F144299F825E32A1D6B0DD0187A0
                                                        APIs
                                                        • CreateThread.KERNEL32(00000000,?,00B7CFF9,00000000,00000004,00000000), ref: 00B7D218
                                                        • GetLastError.KERNEL32 ref: 00B7D224
                                                        • __dosmaperr.LIBCMT ref: 00B7D22B
                                                        • ResumeThread.KERNEL32(00000000), ref: 00B7D249
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                        • String ID:
                                                        • API String ID: 173952441-0
                                                        • Opcode ID: 3a379b7e195c90ab5f2ee2805166be11df2d4f6ea32f2efcd79f7ae57c9f4489
                                                        • Instruction ID: 17187ba0332d450966cc3040778fa44ad8a550978a50798852da7201bff01739
                                                        • Opcode Fuzzy Hash: 3a379b7e195c90ab5f2ee2805166be11df2d4f6ea32f2efcd79f7ae57c9f4489
                                                        • Instruction Fuzzy Hash: EC01D6365052047BC7115BA5DC45BAA7EF9DF81771F208299F93D961D1CF708D02C6A1
                                                        APIs
                                                          • Part of subcall function 00B69BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B69BB2
                                                        • GetClientRect.USER32(?,?), ref: 00BE9F31
                                                        • GetCursorPos.USER32(?), ref: 00BE9F3B
                                                        • ScreenToClient.USER32(?,?), ref: 00BE9F46
                                                        • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00BE9F7A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                        • String ID:
                                                        • API String ID: 4127811313-0
                                                        • Opcode ID: f0346d74f6f9e14e56c7cb11e40b1a9e8896e106d5f7a084be68452d95b5892d
                                                        • Instruction ID: 6194532e0956d9113c890d8bbc0c1e09ce1cda6a6688b34e838443f7f77540d4
                                                        • Opcode Fuzzy Hash: f0346d74f6f9e14e56c7cb11e40b1a9e8896e106d5f7a084be68452d95b5892d
                                                        • Instruction Fuzzy Hash: 6B11487290029AABDB10DF6AD8859EE7BF8FF05311F000491F911E7141D730BA86CBE1
                                                        APIs
                                                        • SetTextColor.GDI32(?,?), ref: 00B698D6
                                                        • SetBkMode.GDI32(?,00000001), ref: 00B698E9
                                                        • GetStockObject.GDI32(00000005), ref: 00B698F1
                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00B69952
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ColorLongModeObjectStockTextWindow
                                                        • String ID:
                                                        • API String ID: 2960364272-0
                                                        • Opcode ID: fa563cdba149a6c81bbf3f230da6ff41087103a3898a1d6af2cf6f5870c9e8d1
                                                        • Instruction ID: 41bec5b3acda8afa4d3451a3da3a1b790e112a229112f32924d0010fe8f7481a
                                                        • Opcode Fuzzy Hash: fa563cdba149a6c81bbf3f230da6ff41087103a3898a1d6af2cf6f5870c9e8d1
                                                        • Instruction Fuzzy Hash: 6D11293258A2509FC725CF24ECA9BAA3BA8DB67365708019DF5428F1A1DB394882C751
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B5604C
                                                        • GetStockObject.GDI32(00000011), ref: 00B56060
                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B5606A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CreateMessageObjectSendStockWindow
                                                        • String ID:
                                                        • API String ID: 3970641297-0
                                                        • Opcode ID: 62e89cc3f948dcc15c4827aefee14d392a9241678947b5d04debd174164c7de5
                                                        • Instruction ID: 6c527c24b19b7c72897b4707af9475d9bae6fa78790ae2bc8ff8c3ee85bba727
                                                        • Opcode Fuzzy Hash: 62e89cc3f948dcc15c4827aefee14d392a9241678947b5d04debd174164c7de5
                                                        • Instruction Fuzzy Hash: 0A118B72101648BFEF164FA4CC84FEABFA9EF083A5F480291FE0457050CB729C619BA0
                                                        APIs
                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 00B73B56
                                                          • Part of subcall function 00B73AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00B73AD2
                                                          • Part of subcall function 00B73AA3: ___AdjustPointer.LIBCMT ref: 00B73AED
                                                        • _UnwindNestedFrames.LIBCMT ref: 00B73B6B
                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00B73B7C
                                                        • CallCatchBlock.LIBVCRUNTIME ref: 00B73BA4
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                        • String ID:
                                                        • API String ID: 737400349-0
                                                        • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                        • Instruction ID: 109afcf2ef8960c8bb405ef0f5d0ca7910101fa3e59fde60e8f8f01a424c4cda
                                                        • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                        • Instruction Fuzzy Hash: E3012932100148BBDF125E95CC46EEB7BE9EF48B54F048098FE6C56121C732E961EBA0
                                                        APIs
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00B513C6,00000000,00000000,?,00B8301A,00B513C6,00000000,00000000,00000000,?,00B8328B,00000006,FlsSetValue), ref: 00B830A5
                                                        • GetLastError.KERNEL32(?,00B8301A,00B513C6,00000000,00000000,00000000,?,00B8328B,00000006,FlsSetValue,00BF2290,FlsSetValue,00000000,00000364,?,00B82E46), ref: 00B830B1
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B8301A,00B513C6,00000000,00000000,00000000,?,00B8328B,00000006,FlsSetValue,00BF2290,FlsSetValue,00000000), ref: 00B830BF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad$ErrorLast
                                                        • String ID:
                                                        • API String ID: 3177248105-0
                                                        • Opcode ID: a0b9a88a8a9c8f77d6e9eef39f3a50035a36d76651c4612eb70ec85b8e0bcdae
                                                        • Instruction ID: fac5d5184c3b1e09e21909f52ef828bedf41b4b8a4dc18bf203d7cbd9b2e701f
                                                        • Opcode Fuzzy Hash: a0b9a88a8a9c8f77d6e9eef39f3a50035a36d76651c4612eb70ec85b8e0bcdae
                                                        • Instruction Fuzzy Hash: B201A732751322ABCB315BB99C84B677BD8EF45F61B250760F915EB160DB21D902C7E0
                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00BB747F
                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00BB7497
                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00BB74AC
                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00BB74CA
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                        • String ID:
                                                        • API String ID: 1352324309-0
                                                        • Opcode ID: bb63599cce91a71b0886db09da224a8f852a409dcd2c9c736ae23deb06dfa640
                                                        • Instruction ID: ebdffbf6204fc5b60b220d70ab7e3260e879ad8efd69844d3b23fad42b2842f1
                                                        • Opcode Fuzzy Hash: bb63599cce91a71b0886db09da224a8f852a409dcd2c9c736ae23deb06dfa640
                                                        • Instruction Fuzzy Hash: 4211A1B12453149BE7208F14EC48FE27FFCEB40B01F1085A9A61ADB291DBB0E904DB90
                                                        APIs
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00BBACD3,?,00008000), ref: 00BBB0C4
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BBACD3,?,00008000), ref: 00BBB0E9
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00BBACD3,?,00008000), ref: 00BBB0F3
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BBACD3,?,00008000), ref: 00BBB126
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CounterPerformanceQuerySleep
                                                        • String ID:
                                                        • API String ID: 2875609808-0
                                                        • Opcode ID: 274bbaa962c00ad7cd25cde7355e2fa4d2805356e179b1d5c6d0b3dc75d24d19
                                                        • Instruction ID: a95e54916d129f319793caa244922c9221722f82f39a694c2f5b3a91a804f35f
                                                        • Opcode Fuzzy Hash: 274bbaa962c00ad7cd25cde7355e2fa4d2805356e179b1d5c6d0b3dc75d24d19
                                                        • Instruction Fuzzy Hash: BC113931C01928E7CF00AFA8E998AFEBFB8FF0A711F104085D941B6281CBB096518B52
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00BE7E33
                                                        • ScreenToClient.USER32(?,?), ref: 00BE7E4B
                                                        • ScreenToClient.USER32(?,?), ref: 00BE7E6F
                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00BE7E8A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                        • String ID:
                                                        • API String ID: 357397906-0
                                                        • Opcode ID: 6f436ebc37dd76cde3dcaaf9247546e73f6a37e180ad88fc2920996d7b6d127c
                                                        • Instruction ID: 5887c7a63a0e793645414549be59a20c356f919ea1d2db5bc69d15ca73526651
                                                        • Opcode Fuzzy Hash: 6f436ebc37dd76cde3dcaaf9247546e73f6a37e180ad88fc2920996d7b6d127c
                                                        • Instruction Fuzzy Hash: 2D1156B9D0024AAFDB41CF99D8849EEBBF9FF08310F505096E925E3210D735AA55CF50
                                                        APIs
                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00BB2DC5
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00BB2DD6
                                                        • GetCurrentThreadId.KERNEL32 ref: 00BB2DDD
                                                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00BB2DE4
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                        • String ID:
                                                        • API String ID: 2710830443-0
                                                        • Opcode ID: 1e071ed743ecbbf4d52fdf130f4ac6f4acb3b1f9202f3551c75a43baf0691b10
                                                        • Instruction ID: 3b5a14be7daaab09615fd13f0bff1f7fe3668fea3dbf2073f6e945816942e097
                                                        • Opcode Fuzzy Hash: 1e071ed743ecbbf4d52fdf130f4ac6f4acb3b1f9202f3551c75a43baf0691b10
                                                        • Instruction Fuzzy Hash: 30E0ED72501224BBDB201B629C8DEFB7EACEB56BA1F500169B505D70909AA58942C6B1
                                                        APIs
                                                          • Part of subcall function 00B69639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B69693
                                                          • Part of subcall function 00B69639: SelectObject.GDI32(?,00000000), ref: 00B696A2
                                                          • Part of subcall function 00B69639: BeginPath.GDI32(?), ref: 00B696B9
                                                          • Part of subcall function 00B69639: SelectObject.GDI32(?,00000000), ref: 00B696E2
                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00BE8887
                                                        • LineTo.GDI32(?,?,?), ref: 00BE8894
                                                        • EndPath.GDI32(?), ref: 00BE88A4
                                                        • StrokePath.GDI32(?), ref: 00BE88B2
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                        • String ID:
                                                        • API String ID: 1539411459-0
                                                        • Opcode ID: d338e3859ef9fafa3dea531865026572bd5f3a1ab170a5588d098ddb5045cac0
                                                        • Instruction ID: f04e9d49cb8f42bb9f749f3cf2dd3b251d466618c4331703273235de2582b6db
                                                        • Opcode Fuzzy Hash: d338e3859ef9fafa3dea531865026572bd5f3a1ab170a5588d098ddb5045cac0
                                                        • Instruction Fuzzy Hash: 1DF05E36041698FADB126F94AC09FCE3F59AF16310F048040FE116A0E2CB795552CFE5
                                                        APIs
                                                        • GetSysColor.USER32(00000008), ref: 00B698CC
                                                        • SetTextColor.GDI32(?,?), ref: 00B698D6
                                                        • SetBkMode.GDI32(?,00000001), ref: 00B698E9
                                                        • GetStockObject.GDI32(00000005), ref: 00B698F1
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Color$ModeObjectStockText
                                                        • String ID:
                                                        • API String ID: 4037423528-0
                                                        • Opcode ID: f0ab878d92d0b354302663bf0383113669cab1a93748becfdbff6812fde8bef5
                                                        • Instruction ID: 6f39ffbcf4112b465fb741b86e800e407234f1e1a73cd60b6cbe3cce441ad9de
                                                        • Opcode Fuzzy Hash: f0ab878d92d0b354302663bf0383113669cab1a93748becfdbff6812fde8bef5
                                                        • Instruction Fuzzy Hash: 65E06531248680AADB215B74EC49BD83F50EB12336F048259F6F5590E1CB7146419B11
                                                        APIs
                                                        • GetCurrentThread.KERNEL32 ref: 00BB1634
                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,00BB11D9), ref: 00BB163B
                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00BB11D9), ref: 00BB1648
                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,00BB11D9), ref: 00BB164F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CurrentOpenProcessThreadToken
                                                        • String ID:
                                                        • API String ID: 3974789173-0
                                                        • Opcode ID: 9096b59343624a02bb9588e8d59159a2464072510874b615b2322fc889d575f5
                                                        • Instruction ID: 98726aaff6b655b3852cbee523d7ec3d0ffdee5a5e456c58db9e96037b95e97c
                                                        • Opcode Fuzzy Hash: 9096b59343624a02bb9588e8d59159a2464072510874b615b2322fc889d575f5
                                                        • Instruction Fuzzy Hash: 59E08631601211DBD7201FA49D4DB963FBCEF44792F144848F646CE080DB744442C754
                                                        APIs
                                                        • GetDesktopWindow.USER32 ref: 00BAD858
                                                        • GetDC.USER32(00000000), ref: 00BAD862
                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BAD882
                                                        • ReleaseDC.USER32(?), ref: 00BAD8A3
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                        • String ID:
                                                        • API String ID: 2889604237-0
                                                        • Opcode ID: 3fc3183ba8cd63ba5062ad0e43938049e26f8065c76a81494de5029fe715a677
                                                        • Instruction ID: 39b7b7b1f499bd37861992fd22f65fa5bdc4ab140e84dd6bd6834227d39842b4
                                                        • Opcode Fuzzy Hash: 3fc3183ba8cd63ba5062ad0e43938049e26f8065c76a81494de5029fe715a677
                                                        • Instruction Fuzzy Hash: 10E01AB4800204DFCF419FA4D88866EBFF2FB48311F108489E816EB250CB384906EF40
                                                        APIs
                                                        • GetDesktopWindow.USER32 ref: 00BAD86C
                                                        • GetDC.USER32(00000000), ref: 00BAD876
                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BAD882
                                                        • ReleaseDC.USER32(?), ref: 00BAD8A3
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                        • String ID:
                                                        • API String ID: 2889604237-0
                                                        • Opcode ID: 7953538b8791046a04f22529f184b8e72936f88547d088331b759f4350db9bd5
                                                        • Instruction ID: fed9d911dad538c25f31d3b9678c40e329791b4310ee610e64016e88e4754778
                                                        • Opcode Fuzzy Hash: 7953538b8791046a04f22529f184b8e72936f88547d088331b759f4350db9bd5
                                                        • Instruction Fuzzy Hash: B0E09A75D00244DFCF519FA4D88866EBFF5BB48311B148449E95AEB250CB385906DF50
                                                        APIs
                                                          • Part of subcall function 00B57620: _wcslen.LIBCMT ref: 00B57625
                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00BC4ED4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Connection_wcslen
                                                        • String ID: *$LPT
                                                        • API String ID: 1725874428-3443410124
                                                        • Opcode ID: 570149212e8efd2eea02708d6a721a5abeaca836d41cf0a186bf07d5390b35d9
                                                        • Instruction ID: 8144049376dc221cec27744721da4bd28be52f3fecd882e51f2657f25560c0c8
                                                        • Opcode Fuzzy Hash: 570149212e8efd2eea02708d6a721a5abeaca836d41cf0a186bf07d5390b35d9
                                                        • Instruction Fuzzy Hash: 22911875A002049FDB14DF58C4A4FAABBF1EB45304F1980DDE84A9B3A2D735EE85CB91
                                                        APIs
                                                        • __startOneArgErrorHandling.LIBCMT ref: 00B7E30D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ErrorHandling__start
                                                        • String ID: pow
                                                        • API String ID: 3213639722-2276729525
                                                        • Opcode ID: 8ab08e3c1e717ef3b73dde55944fba102ef5c8d4e1167cac87c206f5a22d0b5e
                                                        • Instruction ID: 6ebe222ad08e44ebfe60ba183e67fea4cdd645d116489389336da693a85c4a02
                                                        • Opcode Fuzzy Hash: 8ab08e3c1e717ef3b73dde55944fba102ef5c8d4e1167cac87c206f5a22d0b5e
                                                        • Instruction Fuzzy Hash: DA5126A1A5C20296CB12B718C9417793BE8EF44745F3489E8E0B9872B9EF35CC91DB46
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: #
                                                        • API String ID: 0-1885708031
                                                        • Opcode ID: 048d327777cbaabd3d2670b1f5dc02e30f914a410aec34db3c480452981990e8
                                                        • Instruction ID: 66bdf37b409056e0f3e2eb39d448e0769d2070cb9ba3d7f616b50240231951f9
                                                        • Opcode Fuzzy Hash: 048d327777cbaabd3d2670b1f5dc02e30f914a410aec34db3c480452981990e8
                                                        • Instruction Fuzzy Hash: 62511179908246DFDB19DF28C4916BA7BE5EF56310F2440D5ECA19B2C0DB38DD46CBA0
                                                        APIs
                                                        • Sleep.KERNEL32(00000000), ref: 00B6F2A2
                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00B6F2BB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemorySleepStatus
                                                        • String ID: @
                                                        • API String ID: 2783356886-2766056989
                                                        • Opcode ID: 35c2dda10bb725c934f89e2c60356f1299ae8df0dec84cc243b2020388a87d73
                                                        • Instruction ID: 28f707767f555f9086a6da5d50ce371b963704ea8c94921ac37b44072b1a7c76
                                                        • Opcode Fuzzy Hash: 35c2dda10bb725c934f89e2c60356f1299ae8df0dec84cc243b2020388a87d73
                                                        • Instruction Fuzzy Hash: B35135715087449BD320AF10EC86BAFBBF9FB84305F81889DF6D9411A5EB30852DCB66
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00BD57E0
                                                        • _wcslen.LIBCMT ref: 00BD57EC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpper_wcslen
                                                        • String ID: CALLARGARRAY
                                                        • API String ID: 157775604-1150593374
                                                        • Opcode ID: fdc5f5f443bf0cdfc3b754759705d45314a92eb80d953bdeae1d2f236eda195c
                                                        • Instruction ID: 49d8670149d2ffdb4855f27d7f581a901b869f3e8da394dc3e914c8fded35d00
                                                        • Opcode Fuzzy Hash: fdc5f5f443bf0cdfc3b754759705d45314a92eb80d953bdeae1d2f236eda195c
                                                        • Instruction Fuzzy Hash: BA41AE31A002099FCB24DFA9C8819BEFBF5FF59324F2040AAE505A7351EB759D81DB90
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00BCD130
                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00BCD13A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CrackInternet_wcslen
                                                        • String ID: |
                                                        • API String ID: 596671847-2343686810
                                                        • Opcode ID: 3d2bdcc8a5e3b7bb0a392df11a094201cea435d0038ce4578c0d0d10cd0336b1
                                                        • Instruction ID: 2d6c7704267eba7499521a75c551ca37f651004db2e17f74612b5d57d777656e
                                                        • Opcode Fuzzy Hash: 3d2bdcc8a5e3b7bb0a392df11a094201cea435d0038ce4578c0d0d10cd0336b1
                                                        • Instruction Fuzzy Hash: 97310775D01209ABCF15EFA4CC85EEEBFB9FF04300F0000A9F819A6162D731AA46CB50
                                                        APIs
                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00BE3621
                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00BE365C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$DestroyMove
                                                        • String ID: static
                                                        • API String ID: 2139405536-2160076837
                                                        • Opcode ID: 1063384ccbcef0948bfba0438a56679d78dc5182ce3e85377cc86e4dbaa35571
                                                        • Instruction ID: 0f13e837445c6b8e7a71fe9a59dc9afde7198dbe386ba75ab30fa073790c2431
                                                        • Opcode Fuzzy Hash: 1063384ccbcef0948bfba0438a56679d78dc5182ce3e85377cc86e4dbaa35571
                                                        • Instruction Fuzzy Hash: 6E318D71110644AEDB109F39DC85FBB77E9FF98B20F008659F8A597290DB31AD81D760
                                                        APIs
                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00BE461F
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BE4634
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: '
                                                        • API String ID: 3850602802-1997036262
                                                        • Opcode ID: 20e370b0b23e5cb3eee98b48354f15d53aa93d38487d723650a2c29fbcf57b2c
                                                        • Instruction ID: 4582b5702c59bb7d9ca6da3f3d665d9ce0f7d7bbe7ca0d980db5495ee6a731cd
                                                        • Opcode Fuzzy Hash: 20e370b0b23e5cb3eee98b48354f15d53aa93d38487d723650a2c29fbcf57b2c
                                                        • Instruction Fuzzy Hash: FC312774A002499FDF14CFAAC980BDABBF5FF19300F1440AAE905AB381D770A941CF90
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00BE327C
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BE3287
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: Combobox
                                                        • API String ID: 3850602802-2096851135
                                                        • Opcode ID: 620d413ccd0c345f05cd9d2aca28f618bbd6019c3ecd6bd9ca2a67e8e7ab8e03
                                                        • Instruction ID: fe26d1d7bcd09b8491d953ca632790d1743f014819868fd75c58d40ce9eece03
                                                        • Opcode Fuzzy Hash: 620d413ccd0c345f05cd9d2aca28f618bbd6019c3ecd6bd9ca2a67e8e7ab8e03
                                                        • Instruction Fuzzy Hash: 9C11E2713002487FEF219E55DC88EBB3BEAEF98764F100164FA589B290D731DD518760
                                                        APIs
                                                          • Part of subcall function 00B5600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B5604C
                                                          • Part of subcall function 00B5600E: GetStockObject.GDI32(00000011), ref: 00B56060
                                                          • Part of subcall function 00B5600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B5606A
                                                        • GetWindowRect.USER32(00000000,?), ref: 00BE377A
                                                        • GetSysColor.USER32(00000012), ref: 00BE3794
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                        • String ID: static
                                                        • API String ID: 1983116058-2160076837
                                                        • Opcode ID: 6e48bd62f0673a3642d5765784a575ac772ea23de0f90070c7689021c9749c0c
                                                        • Instruction ID: ce191ac4b6dc4587f4a5489c3dfbee29fdadef09b3a2151a8e7c82c4cc268455
                                                        • Opcode Fuzzy Hash: 6e48bd62f0673a3642d5765784a575ac772ea23de0f90070c7689021c9749c0c
                                                        • Instruction Fuzzy Hash: C71147B2610249AFDB10DFA8CC8AEEA7BF8EB08314F004554F955E3250DB34E9119B50
                                                        APIs
                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00BCCD7D
                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00BCCDA6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Internet$OpenOption
                                                        • String ID: <local>
                                                        • API String ID: 942729171-4266983199
                                                        • Opcode ID: 3cfabe63d2f5b523f3386ddabb7c407916698a431cf525c938823955620e79a3
                                                        • Instruction ID: 718f1f4a32bedfcc6941760561e3c4e6e599832684f734f32d94df1a8e99b92a
                                                        • Opcode Fuzzy Hash: 3cfabe63d2f5b523f3386ddabb7c407916698a431cf525c938823955620e79a3
                                                        • Instruction Fuzzy Hash: CF11A371605632BAD7244A669C85FE7BEA8EF227A4F10427AF11E87090D6709841D6F0
                                                        APIs
                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00BE34AB
                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00BE34BA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LengthMessageSendTextWindow
                                                        • String ID: edit
                                                        • API String ID: 2978978980-2167791130
                                                        • Opcode ID: 7394459a0bd30d5e322a15f65d3bdf8df79d0af2b9664e5f21fecf71d15632af
                                                        • Instruction ID: af72f17083b8ddfd225aff712e26fef0617636f6c7176b2d0038d521b4afc538
                                                        • Opcode Fuzzy Hash: 7394459a0bd30d5e322a15f65d3bdf8df79d0af2b9664e5f21fecf71d15632af
                                                        • Instruction Fuzzy Hash: 5811BF71100188AFEB124E66DC88AAB3BEAEB15B74F504364F964972E0C731DD919B50
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                        • CharUpperBuffW.USER32(?,?,?), ref: 00BB6CB6
                                                        • _wcslen.LIBCMT ref: 00BB6CC2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$BuffCharUpper
                                                        • String ID: STOP
                                                        • API String ID: 1256254125-2411985666
                                                        • Opcode ID: 0f3deb3f3132b803f112117b0550b582be35109ea17c116d10de51d249a561b1
                                                        • Instruction ID: 97e2a2b9501eb74125068c428395730da4075ea252409b24098a923a12005dba
                                                        • Opcode Fuzzy Hash: 0f3deb3f3132b803f112117b0550b582be35109ea17c116d10de51d249a561b1
                                                        • Instruction Fuzzy Hash: 09010432A0052A8FCB209FFDCC919FF3BE5EA6171071009B4E86297190EB79DC44C650
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00BB1D4C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: 6b25385b962e2871f15de9b7d40bea335856bc39f178ff3ec7759ae646e05c16
                                                        • Instruction ID: 38df8332ef216b618a6ea2d26d7dc12624b135a7dc807cbd22d6fc0ada888c25
                                                        • Opcode Fuzzy Hash: 6b25385b962e2871f15de9b7d40bea335856bc39f178ff3ec7759ae646e05c16
                                                        • Instruction Fuzzy Hash: 5E01D875601214EB8B04EBA4CC61DFE77E9EB46350B540DA9FC22672C1EE70990CC660
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00BB1C46
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: b538a59d61c0efb88f2603d62e634fcb2073bcaacac979affb57043636b0f0f0
                                                        • Instruction ID: f263aa692f2dfb0dd6642fc7494c080088cc386d40266b3a64f7c229fe7165a3
                                                        • Opcode Fuzzy Hash: b538a59d61c0efb88f2603d62e634fcb2073bcaacac979affb57043636b0f0f0
                                                        • Instruction Fuzzy Hash: E201A775681204ABCB04EB94C962AFF7BE8DB52340F540499A9066B282EE609E0CD6B1
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00BB1CC8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: eeb71123a4ccf5b3a4f52481b9ff5b9a6ca6774079d16917f117204e28923d90
                                                        • Instruction ID: 009c6e32406a29962ebf7b005f336abe19a745aee7af3f60a15949e7c891ac71
                                                        • Opcode Fuzzy Hash: eeb71123a4ccf5b3a4f52481b9ff5b9a6ca6774079d16917f117204e28923d90
                                                        • Instruction Fuzzy Hash: 60018B75641214A7CB14EB94CA51AFF7BE8DB11780F540495BC0177281EAA19F4CD671
                                                        APIs
                                                          • Part of subcall function 00B59CB3: _wcslen.LIBCMT ref: 00B59CBD
                                                          • Part of subcall function 00BB3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BB3CCA
                                                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00BB1DD3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 624084870-1403004172
                                                        • Opcode ID: b8461892d148c3b90dd74b7ee2f717837f63652de3f7f0e659a76a6c43b8f165
                                                        • Instruction ID: 75670f2531f5d6486b7a186a39ad30aa54481560e4357a30445e01741334f9ab
                                                        • Opcode Fuzzy Hash: b8461892d148c3b90dd74b7ee2f717837f63652de3f7f0e659a76a6c43b8f165
                                                        • Instruction Fuzzy Hash: 85F0A975A51214A7D704E7A4CC91BFF77F8EB02750F540DA5B922672C1DEA0590C8260
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: _wcslen
                                                        • String ID: 3, 3, 16, 1
                                                        • API String ID: 176396367-3042988571
                                                        • Opcode ID: de49a588a2a5f06c28839b0b2b904848daabb14a747f5dd6ec749a690433c93e
                                                        • Instruction ID: 0b8271c7da71a6eb908ce285a6123a3127484288b95c8bb51f57764f62d660d0
                                                        • Opcode Fuzzy Hash: de49a588a2a5f06c28839b0b2b904848daabb14a747f5dd6ec749a690433c93e
                                                        • Instruction Fuzzy Hash: C3E02B0624422015923212799CC19FF96C9CFC675171018ABFA99C2366FF948D9193A1
                                                        APIs
                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00BB0B23
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Message
                                                        • String ID: AutoIt$Error allocating memory.
                                                        • API String ID: 2030045667-4017498283
                                                        • Opcode ID: 2b60c7e717a6e8a383b2e5bc688a8efce0fdb08a9664ff86ddae233d1dbe9faf
                                                        • Instruction ID: 994699021b831b97a7a58f2e38a73eb5595af86de70ad888ddbb926a4935bf2f
                                                        • Opcode Fuzzy Hash: 2b60c7e717a6e8a383b2e5bc688a8efce0fdb08a9664ff86ddae233d1dbe9faf
                                                        • Instruction Fuzzy Hash: AEE0D83228434827D2143655BC03FD97FC4CF09B22F1004E6FF58955C38BE2289106E9
                                                        APIs
                                                          • Part of subcall function 00B6F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00B70D71,?,?,?,00B5100A), ref: 00B6F7CE
                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00B5100A), ref: 00B70D75
                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00B5100A), ref: 00B70D84
                                                        Strings
                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00B70D7F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                        • API String ID: 55579361-631824599
                                                        • Opcode ID: c04d7dff7df94b38b2a9bb6f466e3d1e4f5c74cef19b958cbc60ea08b39bcece
                                                        • Instruction ID: 4ca3ac5c55626a502f59c53fadd53b85c0d87c18b37ae8df5a3fa7051324227f
                                                        • Opcode Fuzzy Hash: c04d7dff7df94b38b2a9bb6f466e3d1e4f5c74cef19b958cbc60ea08b39bcece
                                                        • Instruction Fuzzy Hash: A7E06D702103828FD330AFB9E4443667BE0EF10745F0489BEE896CB665DBB4E4458B91
                                                        APIs
                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00BC302F
                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00BC3044
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: Temp$FileNamePath
                                                        • String ID: aut
                                                        • API String ID: 3285503233-3010740371
                                                        • Opcode ID: 25aa9a2b8e37b95337324b3cb87148fe2665e7f2cb347651fd3675e9c5ae6384
                                                        • Instruction ID: f99070292dd4c231d789ccaffb63ae508998951a4b9a63539d0b6aaba27797c9
                                                        • Opcode Fuzzy Hash: 25aa9a2b8e37b95337324b3cb87148fe2665e7f2cb347651fd3675e9c5ae6384
                                                        • Instruction Fuzzy Hash: 33D05E7290032867DA20A7A4AC4EFCB3F6CEB05751F0002A1BB55E7091DEB09985CAD0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: LocalTime
                                                        • String ID: %.3d$X64
                                                        • API String ID: 481472006-1077770165
                                                        • Opcode ID: 7b52026f3fc12d1f388bb9b0601cb320d9afcbe6ea860bc1e1411a85732c37e6
                                                        • Instruction ID: ab0ac83952d8a43b1893b66f833f3f8a274a9dd264c9ad00c734d1f4515f2b20
                                                        • Opcode Fuzzy Hash: 7b52026f3fc12d1f388bb9b0601cb320d9afcbe6ea860bc1e1411a85732c37e6
                                                        • Instruction Fuzzy Hash: B3D012B1C0C209E9CB5097D0DCC5AF9B3FCBB0A301F5484E2F90792440D628C549EB61
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BE232C
                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00BE233F
                                                          • Part of subcall function 00BBE97B: Sleep.KERNEL32 ref: 00BBE9F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: c4d0ea5e33b4527989eda0c96897dbe90563d57e3e6dd259379ba9d9de2eb8ea
                                                        • Instruction ID: 8af689de63a4d6a164c898f9dffee554dd1c4247e8ede5fde5440af86b8a02c6
                                                        • Opcode Fuzzy Hash: c4d0ea5e33b4527989eda0c96897dbe90563d57e3e6dd259379ba9d9de2eb8ea
                                                        • Instruction Fuzzy Hash: BBD0C936395350BBE664A7709C4FFD66A54AB10B10F0049167655AB1E0CAF0A8468A54
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BE236C
                                                        • PostMessageW.USER32(00000000), ref: 00BE2373
                                                          • Part of subcall function 00BBE97B: Sleep.KERNEL32 ref: 00BBE9F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: d193f41a2ea053e40168dbe41701b3d894838ab91540f1b14b07f78fe627580c
                                                        • Instruction ID: 94f7e88f60996399f84fe9a3240fa17366fbcae647fd92d5df19c0b6ff26c4e9
                                                        • Opcode Fuzzy Hash: d193f41a2ea053e40168dbe41701b3d894838ab91540f1b14b07f78fe627580c
                                                        • Instruction Fuzzy Hash: EDD0C936381350BBE664A7709C4FFC66A54AB15B10F4049167655AB1E0CAF0B8468A54
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00B8BE93
                                                        • GetLastError.KERNEL32 ref: 00B8BEA1
                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B8BEFC
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.2519497717.0000000000B51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B50000, based on PE: true
                                                        • Associated: 00000001.00000002.2519462737.0000000000B50000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000BEC000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519667987.0000000000C12000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519763259.0000000000C1C000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000001.00000002.2519801341.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_b50000_file.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                        • String ID:
                                                        • API String ID: 1717984340-0
                                                        • Opcode ID: 05c5a44240e46222239b5a1c0e5b558bab01185edf5c9990828be22e161bcb8f
                                                        • Instruction ID: 26b3e370b922c9340c571ddb9002ace3c70c65eeb3002e80c4721b38d990e64b
                                                        • Opcode Fuzzy Hash: 05c5a44240e46222239b5a1c0e5b558bab01185edf5c9990828be22e161bcb8f
                                                        • Instruction Fuzzy Hash: 3F41A135604206AFCB21AF75CC84EBA7BE5EF42711F2441E9FA699B1B1DB308D01DB61