
Windows Analysis Report
XlKQ797V2E.exe

Overview

General Information

Sample name:XlKQ797V2E.exe
renamed because original name is a hash value
Original sample name:8d1d2122c8a31716baf394bb1e4c6f28.exe
Analysis ID:1543056
MD5:8d1d2122c8a31716baf394bb1e4c6f28
SHA1:b5eea46ea189e9c7b7172c5cca7b543eca377b48
SHA256:b122cc9290f58d4429c0e2bf1870777520493b95adf132a8a784d0dfa8495cf7
Tags:32exe

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • XlKQ797V2E.exe (PID: 6708 cmdline: "C:\Users\user\Desktop\XlKQ797V2E.exe" MD5: 8D1D2122C8A31716BAF394BB1E4C6F28)
    • taskkill.exe (PID: 6724 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7008 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1704 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1368 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4228 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 1228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7136 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6784 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5984 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad9adf17-56b2-4622-b491-11a7d2cd79cf} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21561170d10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7272 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec8f862-863b-4d27-96b4-2cc2a1669711} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21561142f10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5024 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5380 -prefMapHandle 1548 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df6a430d-a2ca-4a6c-a2af-9981d1b358b2} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21572a49910 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: XlKQ797V2E.exe | Virustotal: Detection: 41%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.6% probability
Source: XlKQ797V2E.exe | Joe Sandbox ML: detected
Source: XlKQ797V2E.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49883 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49882 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49881 version: TLS 1.2
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.2030251918.000002157B4A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.2069863764.0000021570744000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.2070726466.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.2069863764.0000021570744000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.2066922085.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.2030251918.000002157B4A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.2070726466.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.2066922085.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_007ADBBE
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B68EE FindFirstFileW,FindClose,0_2_007B68EE
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007B698F
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD076
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD3A9
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B9642
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B979D
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007B9B2B
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007B5C97
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 186MB
Source: unknown | Network traffic detected: DNS query count 31
Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View | IP Address: 151.101.65.91 151.101.65.91
Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View | IP Address: 34.160.144.191 34.160.144.191
Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007BCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_007BCE44
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000002.3013719106.000001DFBD20A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3013719106.000001DFBD20A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000002.3013719106.000001DFBD20A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: youtube.com
Source: global traffic; DNS traffic detected: DNS query: example.org
Source: global traffic; DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic; DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic; DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic; DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic; DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic; DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic; DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic; DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic; DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic; DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: www.facebook.com
Source: global traffic; DNS traffic detected: DNS query: www.youtube.com
Source: global traffic; DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic; DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic; DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic; DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic; DNS traffic detected: DNS query: www.reddit.com
Source: global traffic; DNS traffic detected: DNS query: twitter.com
Source: global traffic; DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic; DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic; DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic; DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: XlKQ797V2E.exe, 00000000.00000003.1828885769.000000000166F000.00000004.00000020.00020000.00000000.sdmp, XlKQ797V2E.exe, 00000000.00000002.1829932291.0000000001674000.00000004.00000020.00020000.00000000.sdmp, XlKQ797V2E.exe, 00000000.00000003.1828974489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, XlKQ797V2E.exe, 00000000.00000003.1828578590.000000000166F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1947850258.00000215747FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952144345.00000215735BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948714126.00000215747FB000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: XlKQ797V2E.exe, 00000000.00000002.1829766545.0000000001638000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdc
Source: firefox.exe, 0000000D.00000003.1916118406.000002157312C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000000D.00000003.2011800396.00000215730D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2021073357.0000021571FD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000D.00000003.1823895019.0000021570B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823136109.0000021570900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823242296.0000021570B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823726653.0000021570B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000D.00000003.1896111310.0000021572473000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000D.00000003.1896111310.0000021572473000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000003.1896444686.00000215722FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3018133673.000002AAAC403000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3018133673.000002AAAC403000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000D.00000003.2045668423.0000021578DBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.2046988010.00000215746F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000D.00000003.1957877593.0000021579209000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1947746820.00000215792FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1942255482.000002156CE7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000000D.00000003.2041601667.000002157B3FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000003.1893260159.0000021572368000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894565319.0000021572369000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000D.00000003.2041601667.000002157B3FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC2C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC2C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC230000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC2C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC2C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000000D.00000003.1927677562.0000021578E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890554955.0000021578E3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000000D.00000003.1927677562.0000021578E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890554955.0000021578E3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000000D.00000003.1823895019.0000021570B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823136109.0000021570900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823242296.0000021570B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823726653.0000021570B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000D.00000003.2036914944.000002157A86D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000D.00000003.2008720609.0000021572813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000D.00000003.2042327233.000002157A966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 0000000D.00000003.2042896685.0000021578F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959301524.0000021578F79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040273487.0000021578F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000D.00000003.2042327233.000002157A966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 0000000D.00000003.2042327233.000002157A966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 0000000D.00000003.2042327233.000002157A966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 0000000D.00000003.2042327233.000002157A966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.13.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000D.00000003.2046761398.0000021578CA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959721748.0000021578C9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC2F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC2F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submitI
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000D.00000003.1888068541.00000215715E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1888068541.00000215715B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000D.00000003.2048604689.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.0000021574287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 0000000D.00000003.2048604689.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050357007.0000021573860000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1942255482.000002156CE7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1942255482.000002156CE7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000010.00000002.3013719106.000001DFBD2CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC28F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000D.00000003.2030574701.000002157070A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2030485316.0000021570727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000D.00000003.1922554517.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825089489.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1942255482.000002156CE7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955457704.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1825938369.000002157031B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954779430.0000021570339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826132790.0000021570333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000D.00000003.2051613411.00000215737AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000D.00000003.2051613411.00000215737AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000D.00000003.2051613411.00000215737AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000D.00000003.1957877593.0000021579209000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000D.00000003.2039209296.0000021579387000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952164107.0000021579387000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000003.2057400804.00000215732CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000D.00000003.2041601667.000002157B3FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC213000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 0000000D.00000003.2046761398.0000021578CA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959721748.0000021578C9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC2F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000D.00000003.2040273487.0000021578F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2043006905.0000021578F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959341828.0000021578F6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000D.00000003.2021582079.0000021574383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2022437149.0000021574385000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1924776814.0000021574384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000000D.00000003.1959969927.00000215742AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048241940.00000215742B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000D.00000003.1959457511.0000021578F57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2043006905.0000021578F57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040273487.0000021578F57000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000D.00000003.2074726459.000002157A977000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042327233.000002157A977000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3018133673.000002AAAC403000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 0000000D.00000003.1921396955.00000215792FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823895019.0000021570B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936368615.00000215792FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823136109.0000021570900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823242296.0000021570B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823726653.0000021570B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1947746820.00000215792FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000D.00000003.2065993932.00000215706F1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071011113.00000215706F1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2068967020.00000215706F1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2067257567.00000215706F1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2030485316.0000021570727000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074274071.00000215706F1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064891232.00000215706F1000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.dr | String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3018133673.000002AAAC403000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 0000000D.00000003.2074726459.000002157A977000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042327233.000002157A977000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000000D.00000003.1890129835.0000021578EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1889132940.0000021578EA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891004045.0000021578EB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000D.00000003.1823895019.0000021570B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823136109.0000021570900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823242296.0000021570B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823726653.0000021570B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921396955.00000215792FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823895019.0000021570B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936368615.00000215792FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823136109.0000021570900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823242296.0000021570B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823726653.0000021570B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1947746820.00000215792FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000D.00000003.2050654795.0000021573853000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: firefox.exe, 0000000D.00000003.1893260159.0000021572368000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894565319.0000021572369000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: firefox.exe, 0000000D.00000003.2040273487.0000021578F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2043006905.0000021578F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959341828.0000021578F6D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: targeting.snapshot.json.tmp.13.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 0000000D.00000003.2040273487.0000021578F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2043006905.0000021578F69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959341828.0000021578F6D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC2F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC2F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/T
Source: firefox.exe, 0000000D.00000003.2040676202.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2074908033.0000021578D6D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000000D.00000003.2037926997.000002157A376000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000D.00000003.2048604689.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.0000021574287000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000D.00000003.2074726459.000002157A977000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042327233.000002157A977000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000D.00000003.1959457511.0000021578F57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2043006905.0000021578F57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040273487.0000021578F57000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 0000000D.00000003.2023562985.00000215747E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2025412488.0000021570A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000D.00000003.2074726459.000002157A977000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042327233.000002157A977000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000D.00000003.2056609829.000002157363E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000000D.00000003.2043954719.000002157B353000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/
Source: recovery.jsonlz4.tmp.13.dr | String found in binary or memory: https://youtube.com/account?=
Source: firefox.exe, 00000014.00000002.3012996300.000002AAAC1F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
Source: firefox.exe, 0000000F.00000002.3011353749.000002305344A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000000D.00000003.2048604689.0000021574271000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042327233.000002157A9AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952164107.0000021579387000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3011353749.000002305344A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3017832041.00000230538D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3011353749.0000023053440000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3011581197.000001DFBD000000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3011581197.000001DFBD00A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3017478833.000001DFBD384000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3011202461.000002AAABF6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3011202461.000002AAABF60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3012996300.000002AAAC1F4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000B.00000002.1800342100.0000022110920000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1808298222.000001D6D968A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000000F.00000002.3017832041.00000230538D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3011353749.0000023053440000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3011581197.000001DFBD000000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3017478833.000001DFBD384000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3011202461.000002AAABF60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3012996300.000002AAAC1F4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown | Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49883 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49882 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49881 version: TLS 1.2
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 0_2_007BEAFF
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007BED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, | 0_2_007BED6A
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 0_2_007BEAFF
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, | 0_2_007AAA57
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007D9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, | 0_2_007D9576

System Summary

Source: XlKQ797V2E.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: XlKQ797V2E.exe, 00000000.00000000.1758886541.0000000000802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_8d960f75-a
Source: XlKQ797V2E.exe, 00000000.00000000.1758886541.0000000000802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_60a9a045-a
Source: XlKQ797V2E.exe | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_0a7c8559-9)
Source: XlKQ797V2E.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_195f3c11-9
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0CACF7 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0E41B2 NtQuerySystemInformation
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AD5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00748060
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B2046
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A8298
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0077E4FF
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0077676B
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007D4873
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0074CAF0
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0076CAA0
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0075CC39
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00776DD9
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0075B119
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007491C0
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00761394
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00761706
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0076781B
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0075997D
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00747920
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007619B0
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00767A4A
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00761C77
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00767CA7
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007CBE44
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00779EEE
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00761F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0CACF7
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0E41B2
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0E48DC
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0E41F2
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: String function: 0075F9F2 appears 31 times
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: String function: 00760A30 appears 46 times
Source: XlKQ797V2E.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal64.evad.winEXE@34/36@68/12
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B37B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A10BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6744:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:928:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1344:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7084:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5496:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: XlKQ797V2E.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: XlKQ797V2E.exe | Virustotal: Detection: 41%
Source: unknown | Process created: C:\Users\user\Desktop\XlKQ797V2E.exe "C:\Users\user\Desktop\XlKQ797V2E.exe"
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad9adf17-56b2-4622-b491-11a7d2cd79cf} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21561170d10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec8f862-863b-4d27-96b4-2cc2a1669711} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21561142f10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5380 -prefMapHandle 1548 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df6a430d-a2ca-4a6c-a2af-9981d1b358b2} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21572a49910 utility
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: XlKQ797V2E.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.2030251918.000002157B4A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.2069863764.0000021570744000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.2070726466.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.2069863764.0000021570744000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.2066922085.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.2030251918.000002157B4A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.2070726466.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.2066922085.000002157073E000.00000004.00000020.00020000.00000000.sdmp
Source: XlKQ797V2E.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: XlKQ797V2E.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: XlKQ797V2E.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: XlKQ797V2E.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: XlKQ797V2E.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: gmpopenh264.dll.tmp.13.dr | Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00760A76 push ecx; ret 0_2_00760A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0075F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007D1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-95821)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0CACF7 rdtsc
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | API coverage: 3.7 %
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\XlKQ797V2E.exeCode function: 0_2_007ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_007ADBBE
Source: C:\Users\user\Desktop\XlKQ797V2E.exeCode function: 0_2_007B68EE FindFirstFileW,FindClose,0_2_007B68EE
Source: C:\Users\user\Desktop\XlKQ797V2E.exeCode function: 0_2_007B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007B698F
Source: C:\Users\user\Desktop\XlKQ797V2E.exeCode function: 0_2_007AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD076
Source: C:\Users\user\Desktop\XlKQ797V2E.exeCode function: 0_2_007AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007AD3A9
Source: C:\Users\user\Desktop\XlKQ797V2E.exeCode function: 0_2_007B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B9642
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007B979D
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007B9B2B
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007B5C97
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007442DE
Source: firefox.exe, 00000010.00000002.3011581197.000001DFBD00A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@b
Source: firefox.exe, 0000000F.00000002.3019374966.0000023053A00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|
Source: firefox.exe, 0000000F.00000002.3011353749.000002305344A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
Source: firefox.exe, 0000000F.00000002.3019374966.0000023053A00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
Source: firefox.exe, 0000000F.00000002.3019374966.0000023053A00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3017903639.000001DFBD7F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3011202461.000002AAABF6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3017830014.000002AAAC300000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000F.00000002.3018402333.0000023053919000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000F.00000002.3011353749.000002305344A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW~
Source: firefox.exe, 0000000F.00000002.3019374966.0000023053A00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3017903639.000001DFBD7F0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001DFBD0CACF7 rdtsc 16_2_000001DFBD0CACF7
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007BEAA2 BlockInput,0_2_007BEAA2
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00772622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00772622
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00764CE8 mov eax, dword ptr fs:[00000030h] 0_2_00764CE8
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_007A0B62
Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0076083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0076083F
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007609D5 SetUnhandledExceptionFilter,0_2_007609D5
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00760C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00760C21
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_007A1201
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00782BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00782BA5
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007AB226 SendInput,keybd_event,0_2_007AB226
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007C22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_007C22DA
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007A1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_007A1663
Source: XlKQ797V2E.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: XlKQ797V2E.exe | Binary or memory string: Shell_TrayWnd
Source: firefox.exe, 0000000D.00000003.2062018897.000002157B4BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_00760698 cpuid 0_2_00760698
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007B8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_007B8195
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0079D27A GetUserNameW,0_2_0079D27A
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_0077BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0077BB6F
Source: XlKQ797V2E.exe | Binary or memory string: WIN_81
Source: XlKQ797V2E.exe | Binary or memory string: WIN_XP
Source: XlKQ797V2E.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: XlKQ797V2E.exe | Binary or memory string: WIN_XPe
Source: XlKQ797V2E.exe | Binary or memory string: WIN_VISTA
Source: XlKQ797V2E.exe | Binary or memory string: WIN_7
Source: XlKQ797V2E.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007C1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_007C1204
Source: C:\Users\user\Desktop\XlKQ797V2E.exe | Code function: 0_2_007C1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_007C1806
MITRE ATT&CK Matrix (one column per tactic; a leading number is the count shown next to that technique in the report)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Behavior Graph ID: 1543056 | Sample: XlKQ797V2E.exe | Startdate: 27/10/2024 | Architecture: WINDOWS | Score: 64

Start -> youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
Start signatures: Multi AV Scanner detection for submitted file; Binary is likely a compiled AutoIt script file; Machine Learning detection for sample; AI detected suspicious sample
Start -> XlKQ797V2E.exe (started); firefox.exe 1 (started)
XlKQ797V2E.exe signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
XlKQ797V2E.exe -> taskkill.exe 1 (started); taskkill.exe 1 (started); taskkill.exe 1 (started); 3 other processes
firefox.exe -> firefox.exe 3 222 (started)
taskkill.exe -> conhost.exe (started), one per taskkill.exe
firefox.exe (child) -> youtube.com 142.250.185.174, 443, 49740, 49742 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49739, 49743, 49753 GOOGLEUS United States; 10 other IPs or domains
firefox.exe (child) dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
firefox.exe (child) -> firefox.exe 1 (started); firefox.exe 1 (started); firefox.exe 1 (started)
3 other processes -> conhost.exe (started); conhost.exe (started)
Source | Detection | Scanner | Label
XlKQ797V2E.exe | 41% | Virustotal |
XlKQ797V2E.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |

No Antivirus matches

Source | Detection | Scanner | Label
example.org | 0% | Virustotal |
star-mini.c10r.facebook.com | 0% | Virustotal |
prod.classify-client.prod.webservices.mozgcp.net | 0% | Virustotal |
prod.balrog.prod.cloudops.mozgcp.net | 0% | Virustotal |
                                                            unknown
                                                            https://www.msn.comfirefox.exe, 0000000D.00000003.2048604689.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.0000021574287000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000D.00000003.1823895019.0000021570B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823136109.0000021570900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823242296.0000021570B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823726653.0000021570B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823489215.0000021570B3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://youtube.com/firefox.exe, 0000000D.00000003.2043954719.000002157B353000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000D.00000003.1896111310.0000021572473000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94firefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3018133673.000002AAAC403000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                    unknown
                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://api.accounts.firefox.com/v1firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://www.amazon.com/firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 0000000F.00000002.3013635563.00000230537CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3018133673.000002AAAC403000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                          unknown
                                                                          http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 0000000D.00000003.1942255482.000002156CE7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://www.youtube.com/firefox.exe, 00000014.00000002.3013833310.000002AAAC20C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000D.00000003.2019800423.00000215735DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000014.00000002.3013833310.000002AAAC2C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://127.0.0.1:firefox.exe, 0000000D.00000003.2051613411.00000215737AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.2012678179.0000021570324000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2020664374.0000021570AAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1957877593.0000021579209000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://bugzilla.mofirefox.exe, 0000000D.00000003.2049013737.0000021574240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050063553.0000021573892000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                unknown
                                                                                https://spocs.getpocket.com/firefox.exe, 0000000D.00000003.2041601667.000002157B3FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041897722.000002157A9BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3013719106.000001DFBD212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3013833310.000002AAAC213000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1961709821.0000021570B4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920718668.000002157293D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1889286597.0000021578E50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917988425.0000021571DD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953571922.00000215791A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917988425.0000021571DFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.00000215742E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023980468.000002157293C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1945092471.0000021571EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2012678179.0000021570371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948258720.00000215747C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051097146.00000215737C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1824987631.0000021570B47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957877593.0000021579210000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048604689.0000021574246000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2014463069.000002156DFCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2023091083.0000021570371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1916118406.000002157312C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1963644040.0000021570B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928166026.0000021578E19000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://account.bellmedia.cfirefox.exe, 0000000D.00000003.2048604689.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.0000021574287000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    http://youtube.com/firefox.exe, 0000000D.00000003.1894794464.00000215726A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.2048604689.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959969927.0000021574287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050357007.0000021573860000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://www.zhihu.com/firefox.exe, 0000000D.00000003.2074726459.000002157A977000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042327233.000002157A977000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000000D.00000003.1894794464.00000215726BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1889132940.0000021578E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927677562.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891104411.0000021578E65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890190402.0000021578E69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://duckduckgo.com/?t=ffab&q=firefox.exe, 0000000D.00000003.1894794464.00000215726B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://profiler.firefox.comfirefox.exe, 0000000F.00000002.3017668683.0000023053800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3011970913.000001DFBD040000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3012728326.000002AAAC120000.00000002.10000000.00040000.00000000.sdmpfalse
[Contacted IPs graph; legend: No. of IPs < 25%, 25% < No. of IPs < 50%, 50% < No. of IPs < 75%, 75% < No. of IPs]

IP               Domain                                                      Country        ASN      ASN Name                                      Malicious
34.149.100.209   prod.remote-settings.prod.webservices.mozgcp.net            United States  2686     ATGS-MMD-AS US                                false
34.107.243.93    push.services.mozilla.com                                   United States  15169    GOOGLE US                                     false
151.101.65.91    services.addons.mozilla.org                                 United States  54113    FASTLY US                                     false
34.107.221.82    prod.detectportal.prod.cloudops.mozgcp.net                  United States  15169    GOOGLE US                                     false
35.244.181.201   prod.balrog.prod.cloudops.mozgcp.net                        United States  15169    GOOGLE US                                     false
34.117.188.166   contile.services.mozilla.com                                United States  139070   GOOGLE-AS-AP Google Asia Pacific Pte Ltd SG   false
142.250.185.174  youtube.com                                                 United States  15169    GOOGLE US                                     false
35.201.103.21    normandy-cdn.services.mozilla.com                           United States  15169    GOOGLE US                                     false
35.190.72.216    prod.classify-client.prod.webservices.mozgcp.net            United States  15169    GOOGLE US                                     false
34.160.144.191   prod.content-signature-chains.prod.webservices.mozgcp.net   United States  2686     ATGS-MMD-AS US                                false
34.120.208.123   telemetry-incoming.r53-2.services.mozilla.com               United States  15169    GOOGLE US                                     false
                                                                                                                      IP
                                                                                                                      127.0.0.1
                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                      Analysis ID:1543056
                                                                                                                      Start date and time:2024-10-27 07:27:11 +01:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 7m 16s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                      Number of analysed new started processes analysed:22
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:XlKQ797V2E.exe
                                                                                                                      renamed because original name is a hash value
                                                                                                                      Original Sample Name:8d1d2122c8a31716baf394bb1e4c6f28.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal64.evad.winEXE@34/36@68/12
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 50%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 95%
                                                                                                                      • Number of executed functions: 40
                                                                                                                      • Number of non-executed functions: 311
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                      • Excluded IPs from analysis (whitelisted): 184.28.90.27, 35.155.254.84, 52.32.18.233, 44.238.230.7, 142.250.184.238, 2.22.61.72, 2.22.61.59, 142.250.185.74, 216.58.212.138, 142.250.184.206
                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, safebrowsing.googleapis.com, prod.fs.microsoft.com.akadns.net, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information
                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
Time      Type             Description
02:28:27  API Interceptor  1x Sleep call for process: firefox.exe modified
Match (IP)        Associated Sample Name / URL   Detection   Threat Name
34.117.188.166    file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
34.149.100.209    file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
34.160.144.191    file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
151.101.65.91     file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Credential Flusher
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Unknown
                  file.exe                       malicious   Unknown
Match (Domain)                Associated Sample Name / URL   Detection   Threat Name          Context (resolved IP)
services.addons.mozilla.org   file.exe                       malicious   Credential Flusher   151.101.129.91
                              file.exe                       malicious   Credential Flusher   151.101.65.91
                              file.exe                       malicious   Credential Flusher   151.101.65.91
                              file.exe                       malicious   Credential Flusher   151.101.1.91
                              file.exe                       malicious   Credential Flusher   151.101.1.91
                              file.exe                       malicious   Unknown              151.101.1.91
                              file.exe                       malicious   Credential Flusher   151.101.193.91
                              file.exe                       malicious   Unknown              151.101.65.91
                              file.exe                       malicious   Credential Flusher   151.101.65.91
                              file.exe                       malicious   Credential Flusher   151.101.1.91
example.org                   file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Unknown              93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Unknown              93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
                              file.exe                       malicious   Credential Flusher   93.184.215.14
twitter.com                   file.exe                       malicious   Credential Flusher   104.244.42.129
                              file.exe                       malicious   Credential Flusher   104.244.42.1
                              file.exe                       malicious   Credential Flusher   104.244.42.65
                              file.exe                       malicious   Credential Flusher   104.244.42.129
                              file.exe                       malicious   Credential Flusher   104.244.42.65
                              file.exe                       malicious   Unknown              104.244.42.193
                              file.exe                       malicious   Credential Flusher   104.244.42.193
                              file.exe                       malicious   Unknown              104.244.42.1
                              file.exe                       malicious   Credential Flusher   104.244.42.1
                              file.exe                       malicious   Credential Flusher   104.244.42.193
star-mini.c10r.facebook.com   file.exe                       malicious   Credential Flusher   157.240.251.35
                              file.exe                       malicious   Credential Flusher   157.240.251.35
                              file.exe                       malicious   Credential Flusher   157.240.253.35
                              file.exe                       malicious   Credential Flusher   157.240.251.35
                              file.exe                       malicious   Credential Flusher   157.240.0.35
                              file.exe                       malicious   Unknown              157.240.251.35
                              file.exe                       malicious   Credential Flusher   157.240.253.35
                              file.exe                       malicious   Unknown              157.240.251.35
                              file.exe                       malicious   Credential Flusher   157.240.253.35
                              file.exe                       malicious   Credential Flusher   157.240.251.35
                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                      • 34.117.188.166
Match | Associated Sample Name / URL | Detection | Threat Name | Context
----- | ---------------------------- | --------- | ----------- | -------
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Unknown | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Unknown | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Unknown | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Unknown | 34.160.144.191
 | la.bot.m68k.elf | malicious | Unknown | 56.207.28.62
 | file.exe | malicious | Credential Flusher | 34.160.144.191
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.129.91
 | file.exe | malicious | Credential Flusher | 151.101.65.91
 | file.exe | malicious | Credential Flusher | 151.101.65.91
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | file.exe | malicious | Unknown | 151.101.1.91
 | https://onlinepdf-qrsharedfile.com/index.html#XYWRhbV9oYW1tZXJtYW5AbnltYy5lZHU= | malicious | HTMLPhisher | 151.101.1.229
 | file.exe | malicious | Credential Flusher | 151.101.193.91
 | file.exe | malicious | Unknown | 151.101.65.91
 | file.exe | malicious | Credential Flusher | 151.101.65.91
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Unknown | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Unknown | 34.160.144.191
 | la.bot.m68k.elf | malicious | Unknown | 56.207.28.62
 | file.exe | malicious | Credential Flusher | 34.160.144.191
Match | Associated Sample Name / URL | Detection | Threat Name | Context
----- | ---------------------------- | --------- | ----------- | -------
fb0aa01abe9d8e4037eb3473ca6e2dca | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.65.91, 34.120.208.123
Match | Associated Sample Name / URL | Detection | Threat Name | Context
----- | ---------------------------- | --------- | ----------- | -------
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Unknown | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Unknown | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
 | file.exe | malicious | Credential Flusher | 
                                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):7813
Entropy (8bit):5.17985305181683
Encrypted:false
SSDEEP:192:6FjMXFxScbhbVbTbfbRbObtbyEl7n0riJA6WnSrDtTUd/SkDr/:6FYacNhnzFSJUrRBnSrDhUd/B
MD5:D24399D29EDA4F630012D9D4013484D2
SHA1:587A4EC5C04B0D2B95C7DE68153D89CACF3835FB
SHA-256:7AA6C1670B6AED81CB9E2D40B21EC46A1F00C5E5458A00D660A2DF07DC90F755
SHA-512:18563E1FA925AEFA372DD36EFEEF8CE4DFC7DEA3C6D3B8106EFE33E2FAC33D1229F632AB2D0138BAB2EB32C161B9BB9926E312BCBAFA9C67E64701098F633D82
Malicious:false
Preview:{"type":"uninstall","id":"a2cb3021-4c44-4599-b3f6-edbaec57071f","creationDate":"2024-10-27T08:06:42.194Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.926080261991058
Encrypted:false
SSDEEP:96:8S+OfJQPUFpOdwNIOdYVjvYcXaNLKmZ8P:8S+OBIUjOdwiOdYVjjwLKi8P
MD5:624C6554845237BB07C02717CF1D4C4E
SHA1:511B0056FE9F50F304079FF993B24393AC64080F
SHA-256:E9A296965435D5F193BE8C880D3EE9A7176FA1D21D5881FEEE5F35CEE6AFF4AA
SHA-512:952244FE39CAC52BB8511DCD089C62F3A305B0FD89CB1869D5CCCC0C20300C0342F6B7D47E8B8764484853275AED078A91064AC974AEB66F4F2D5ECF6C616BC3
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 23432 bytes
Category:dropped
Size (bytes):5312
Entropy (8bit):6.615424734763731
Encrypted:false
SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
MD5:1B9C8056D3619CE5A8C59B0C09873F17
SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                              Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905391753567332
Encrypted:false
SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
MD5:DD9D28E87ED57D16E65B14501B4E54D1
SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185924656884556
Encrypted:false
SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
MD5:5656BA69BD2966108A461AAE35F60226
SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
• Filename: file.exe, Detection: malicious, Browse
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                                                              Entropy (8bit):0.07330954253084
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiIo:DLhesh7Owd4+ji
                                                                                                                                                                                                                                              MD5:5DDBC9EB7597AE9BE27DF76E9ED425C3
                                                                                                                                                                                                                                              SHA1:839522C03859FD05AEB812117C36EBDC5E0119A5
                                                                                                                                                                                                                                              SHA-256:7BC1903DFC27744BC63C9F2A6FE214316008173FFECB1D4272111F1586A32585
                                                                                                                                                                                                                                              SHA-512:BE650747988853EF7F4E365C30F45D4B20A21BCBC3302CD53DC9A3949896FA720195667B030E189FFF03DA990268055CA9A7C78B3915AAB17041ADAE4EBD829A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.035699946889726504
Encrypted:false
SSDEEP:3:GtlstFlgOLHVol1lstFlgOLHN/x89//alEl:GtWtDL14WtDLt/x89XuM
MD5:9BDAF441DD37F392E2A3FECB7469734E
SHA1:1166A511E4CBCDFD91A8B40437C6D7A0338607A8
SHA-256:42D314ECED6C0BA0F5250B0E174D52D5C04E75B4DCD591501A7FCF0A16548B2F
SHA-512:6D4A6252DACA3F7D85C5FB977D93C3FCC3298519129372D81A36E540B303A2262B5444ECDFCD000D0C7ADB42C9DC744DE945B5AA05738CE38566109D152AF13C
Malicious:false
                                                                                                                                                                                                                                              Preview:..-..............................JhQ.....Gb.S..-..............................JhQ.....Gb.S........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):32824
Entropy (8bit):0.03963053308770313
Encrypted:false
SSDEEP:3:Ol1KVjmonygZmDgnVStll8rEXsxdwhml8XW3R2:KWfnVRVGll8dMhm93w
MD5:3A07527F9B5DF16C300E9C69E7AA8B45
SHA1:0D8791E526159CF21FF523076A9A99D51EA9DAC4
SHA-256:C9629DC601164D1A46F49B6D17C618602AECF788CF0DDEBC7A1BA59E463018F4
SHA-512:56F18E8CE5ABB86D632DDA97164C84FBEA3AD0D536CB35778F68BB62DFE9AC677E3FAF726BF2277608EA90372381C08D82F9AC71DE156341BBC1C469959654C6
Malicious:false
                                                                                                                                                                                                                                              Preview:7....-.............JhQ.. ....6%...........JhQ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1809), with CRLF line terminators
Category:dropped
Size (bytes):13254
Entropy (8bit):5.4937056406823075
Encrypted:false
SSDEEP:192:snaRtLYbBp6phj4qyaaXv6K153+Ni95RfGNBw8dNSl:Be3qJoqmcwK0
MD5:8EA8240D5B8C3DB4B29CB90603BC722D
SHA1:D6B9C44737E6575632107D2C6638D2BEC667F674
SHA-256:5DE3D9F1706F2BB4338A6E175A67C3816FF98BDCC4C6E90F21F9C335E51FE555
SHA-512:EDE38EA44A6EEC4A6F8EA39B1D85AAA12129207D9AE9AC91C81B2DC18657526A6272B89D4D2F833EEE79B67E7ECBF8B6B86DE2C1CB3834378748C4CEB34C98A3
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1730016372);..user_pref("app.update.lastUpdateTime.background-update-timer", 1730016372);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1730016372);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173001
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
MD5:18F65713B07CB441E6A98655B726D098
SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
Malicious:false
                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):493
Entropy (8bit):4.953164016686978
Encrypted:false
SSDEEP:12:YZFg8xRZJNWIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:Y9hNWSlCOlZGV1AQIWZcy6Z2d
MD5:6F0DF6D5CF9BE401006BF329809741E6
SHA1:00D883C4C1FE12F9F91BBB7214F61924C8352B39
SHA-256:E146FD2D7364264D0AE0026903CC24F7E6606B4F6BD53D2753CA2182B475F0DF
SHA-512:B2059BA6E2F631F5E8BDE85286F17B9AFD4E5AFD36A4C8E251AF3FEFE572E9FD13A1280F33639375E83C565377646E0E1BCE2F0F229639DBD67BC33B345FBE64
Malicious:false
Preview:{"type":"health","id":"1a3c9922-cf8e-4b1c-9637-d3e0e44b2c1f","creationDate":"2024-10-27T08:06:42.812Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                              Size (bytes):493
                                                                                                                                                                                                                                              Entropy (8bit):4.953164016686978
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12:YZFg8xRZJNWIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:Y9hNWSlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                                                              MD5:6F0DF6D5CF9BE401006BF329809741E6
                                                                                                                                                                                                                                              SHA1:00D883C4C1FE12F9F91BBB7214F61924C8352B39
                                                                                                                                                                                                                                              SHA-256:E146FD2D7364264D0AE0026903CC24F7E6606B4F6BD53D2753CA2182B475F0DF
                                                                                                                                                                                                                                              SHA-512:B2059BA6E2F631F5E8BDE85286F17B9AFD4E5AFD36A4C8E251AF3FEFE572E9FD13A1280F33639375E83C565377646E0E1BCE2F0F229639DBD67BC33B345FBE64
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:{"type":"health","id":"1a3c9922-cf8e-4b1c-9637-d3e0e44b2c1f","creationDate":"2024-10-27T08:06:42.812Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1568
                                                                                                                                                                                                                                              Entropy (8bit):6.335261083146529
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSwwRLXnIgjf/pnxQwRlszT5sKt0er3eHVQj6TL2amhujJlOsIomNVn:GUpOxAbZnR6Tr3eHTa4JlIUNR4
                                                                                                                                                                                                                                              MD5:1A85F7DA80A862190436B47327A99A46
                                                                                                                                                                                                                                              SHA1:77F12AF6A42A146A03E30613B7EBEB8ACFE9B986
                                                                                                                                                                                                                                              SHA-256:D4DD9A32658FB6DEE174A190F5DCCA9A971A7EF65267225AC23413221D38442E
                                                                                                                                                                                                                                              SHA-512:CD8687FA5C61F2A8F190860348567010F9D46360957DA0A82ECEDC97E33AE80BA3EC0C33F23E1C7DAF410CFEE8AEF14D12C5BDEC3AEB1DE6712CCE4AF0044074
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{6981fc3c-e670-4313-bddf-5b11bb149174}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730016379500,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate.....wtartTim..A4230...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...51424,"originA...."
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1568
                                                                                                                                                                                                                                              Entropy (8bit):6.335261083146529
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSwwRLXnIgjf/pnxQwRlszT5sKt0er3eHVQj6TL2amhujJlOsIomNVn:GUpOxAbZnR6Tr3eHTa4JlIUNR4
                                                                                                                                                                                                                                              MD5:1A85F7DA80A862190436B47327A99A46
                                                                                                                                                                                                                                              SHA1:77F12AF6A42A146A03E30613B7EBEB8ACFE9B986
                                                                                                                                                                                                                                              SHA-256:D4DD9A32658FB6DEE174A190F5DCCA9A971A7EF65267225AC23413221D38442E
                                                                                                                                                                                                                                              SHA-512:CD8687FA5C61F2A8F190860348567010F9D46360957DA0A82ECEDC97E33AE80BA3EC0C33F23E1C7DAF410CFEE8AEF14D12C5BDEC3AEB1DE6712CCE4AF0044074
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{6981fc3c-e670-4313-bddf-5b11bb149174}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730016379500,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate.....wtartTim..A4230...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...51424,"originA...."
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1568
                                                                                                                                                                                                                                              Entropy (8bit):6.335261083146529
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSwwRLXnIgjf/pnxQwRlszT5sKt0er3eHVQj6TL2amhujJlOsIomNVn:GUpOxAbZnR6Tr3eHTa4JlIUNR4
                                                                                                                                                                                                                                              MD5:1A85F7DA80A862190436B47327A99A46
                                                                                                                                                                                                                                              SHA1:77F12AF6A42A146A03E30613B7EBEB8ACFE9B986
                                                                                                                                                                                                                                              SHA-256:D4DD9A32658FB6DEE174A190F5DCCA9A971A7EF65267225AC23413221D38442E
                                                                                                                                                                                                                                              SHA-512:CD8687FA5C61F2A8F190860348567010F9D46360957DA0A82ECEDC97E33AE80BA3EC0C33F23E1C7DAF410CFEE8AEF14D12C5BDEC3AEB1DE6712CCE4AF0044074
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{6981fc3c-e670-4313-bddf-5b11bb149174}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730016379500,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate.....wtartTim..A4230...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...51424,"originA...."
                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):4096
                                                                                                                                                                                                                                              Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                              MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                              SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                              SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                              SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.033949607853121
Encrypted:false
SSDEEP:48:YrSAYrNO6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcb5:ychOyTEr5QFRzzcMvbw6KkCrrc2Rn27
MD5:B44D8050349E0BD0ACA44DA1BBA0DD73
SHA1:D6617F3E8C3390BA61A9DC061E58EAB75A2BB30D
SHA-256:32AE8AE826888A6E9EF5B7A792CB15FB343929F0F3F52F02AF65AD917E46807D
SHA-512:04E5BEA770D206552A46846F7013B2A49D7DB6091E4945F5D9968CE7D815ABAA404270ABF086E63133FA4C396677233AAB082B7679BAB9E5A67024529DFF888F
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-27T08:06:05.516Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.033949607853121
Encrypted:false
SSDEEP:48:YrSAYrNO6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcb5:ychOyTEr5QFRzzcMvbw6KkCrrc2Rn27
MD5:B44D8050349E0BD0ACA44DA1BBA0DD73
SHA1:D6617F3E8C3390BA61A9DC061E58EAB75A2BB30D
SHA-256:32AE8AE826888A6E9EF5B7A792CB15FB343929F0F3F52F02AF65AD917E46807D
SHA-512:04E5BEA770D206552A46846F7013B2A49D7DB6091E4945F5D9968CE7D815ABAA404270ABF086E63133FA4C396677233AAB082B7679BAB9E5A67024529DFF888F
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-27T08:06:05.516Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.584665453698471
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:XlKQ797V2E.exe
File size:919'552 bytes
MD5:8d1d2122c8a31716baf394bb1e4c6f28
SHA1:b5eea46ea189e9c7b7172c5cca7b543eca377b48
SHA256:b122cc9290f58d4429c0e2bf1870777520493b95adf132a8a784d0dfa8495cf7
SHA512:2e63bc9a9d3828f62c0596a2f72f9e215359407a8c8452bc1e4a1b5116a5306ff1389b651c1e3d1a5717bf34194ede75ba650110f2ef6f3f23ddfed35143c790
SSDEEP:12288:NqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/To:NqDEvCTbMWu7rQYlBQcBiT6rprG8abo
TLSH:B9159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x671DDC0E [Sun Oct 27 06:22:06 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
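The static fields above (time stamp, entry point and its section, image base, file and DLL characteristics) come straight from the PE headers and are worth re-deriving yourself rather than trusting a single tool. The Python below is an added example, not part of the Joe Sandbox report: it parses a PE32 header with nothing but `struct`, decodes the flag words in the order the report prints them, maps the entry point RVA to the section that contains it, and lists the mitigations the header does not opt into. Because the sample is not included here, `build_sample_pe()` constructs a header-only image carrying the values listed above (0x671DDC0E, entry 0x420577 at image base 0x400000, characteristics 0x0122, DLL characteristics 0x8040); its section names, sizes and offsets are invented for the test and are not taken from the report.

```python
"""Minimal PE32 header reader (added example; not Joe Sandbox code).

Re-derives the static fields a sandbox report lists (time stamp, entry
point, image base, characteristics) from the raw headers and flags
missing mitigations. build_sample_pe() is a constructed header-only PE
carrying the report's values; its section layout is made up for the test.
"""
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (subset).
FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (subset).
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {2: "windows gui", 3: "windows cui"}


def flag_names(value, table):
    """Names of the set bits, lowest bit first (the order the report uses)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_header(data):
    """Parse DOS, COFF and optional headers plus the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) handled; PE32+ lays out ImageBase differently")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)

    # The section table follows the optional header: 40-byte IMAGE_SECTION_HEADERs.
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr = struct.unpack_from("<8sII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii"), vaddr, vsize))
    entry_section = next((n for n, va, vs in sections if va <= entry_rva < va + vs), None)

    return {
        "machine": machine,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "characteristics": flag_names(characteristics, FILE_CHARACTERISTICS),
        "entry_va": image_base + entry_rva,
        "entry_section": entry_section,
        "image_base": image_base,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
    }


def hardening_findings(info):
    """Mitigations the header does not opt into; each one widens the exploit surface."""
    dc = set(info["dll_characteristics"])
    findings = []
    if "DYNAMIC_BASE" not in dc:
        findings.append("no ASLR: DYNAMIC_BASE unset")
    if "NX_COMPAT" not in dc:
        findings.append("DEP not opted in: NX_COMPAT unset")
    if "GUARD_CF" not in dc:
        findings.append("no Control Flow Guard: GUARD_CF unset")
    if info["entry_section"] != ".text":
        findings.append(f"entry point in {info['entry_section']!r}, not .text (packer?)")
    return findings


def build_sample_pe():
    """Constructed header-only PE32 with the report's header values; sections are made up."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x671DDC0E, 0, 0, 0xE0, 0x0122)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, 0x20577)           # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 1)             # OS version 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)             # subsystem version 5.1
    struct.pack_into("<HH", opt, 68, 2, 0x8040)        # GUI; DYNAMIC_BASE|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    sec = struct.Struct("<8sIIIIIIHHI")
    text = sec.pack(b".text", 0x60000, 0x1000, 0x60000, 0x400, 0, 0, 0, 0, 0x60000020)
    rdata = sec.pack(b".rdata", 0x20000, 0x61000, 0x20000, 0x60400, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rdata


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        print(f"{key}: {value}")
    print("findings:", hardening_findings(info))
```

Two caveats a reviewer of this report should keep in mind. The report lists only DYNAMIC_BASE and TERMINAL_SERVER_AWARE, so NX_COMPAT is not set; on a client Windows install with the default OptIn DEP policy a 32-bit executable without that bit runs without DEP, which is the condition the finding above reports. And the compile time stamp is a field the builder writes, not a measurement: it is routinely forged, so it should be compared against first-seen dates from other sources rather than read as when the binary was built.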
Instruction
call 00007F38047DC793h
jmp 00007F38047DC09Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F38047DC27Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F38047DC24Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F38047DEE3Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
                                                                                                                                                                                                                                              call 00007F38047DEE88h
                                                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                                                              lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              call 00007F38047DEE71h
                                                                                                                                                                                                                                              test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                              pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | 4ccbd5c84990375215cc980073cbaca0 | False | 0.31559038765822783 | data | 5.373863059582051 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data | | | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                              OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
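The import rows above are what the report's "Contains functionality to ..." signatures are derived from: each signature is essentially a lookup for one or more imported APIs. The script below, an added example and not Joe Sandbox's own signature logic, makes that mapping explicit. The capability groupings and the per-rule hit thresholds are this editor's own assumptions, and the embedded input is a constructed subset of the import rows in this report.

```python
"""Map a PE import table (as listed in a sandbox report) to coarse capabilities.

Added example: the capability rules below are the editor's own grouping, not
Joe Sandbox's signature definitions. They make the link between imported APIs
and behavioural signatures reproducible on any import listing.
"""

# Constructed input: a subset of the import rows from the report above, in the
# "DLL.dll: Func1, Func2" layout.
SAMPLE_IMPORTS = """\
USER32.dll: GetAsyncKeyState, GetKeyState, GetKeyboardState, SetKeyboardState, SendInput, keybd_event, mouse_event, BlockInput, OpenClipboard, GetClipboardData, SetClipboardData, ExitWindowsEx, AttachThreadInput
ADVAPI32.dll: AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, LogonUserW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, InitiateSystemShutdownExW
SHELL32.dll: ShellExecuteW, ShellExecuteExW, SHFileOperationW
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
"""

# Hypothetical capability rules (editor's grouping): (API set, minimum hits).
# A rule fires only when at least `min_hits` of its APIs are imported, so one
# common API such as GetKeyState does not on its own count as keylogging.
CAPABILITY_RULES = {
    "keystroke capture":    ({"GetAsyncKeyState", "GetKeyState", "GetKeyboardState",
                              "AttachThreadInput", "SetWindowsHookExW"}, 2),
    "input simulation":     ({"SendInput", "keybd_event", "mouse_event"}, 1),
    "input blocking":       ({"BlockInput"}, 1),
    "clipboard access":     ({"OpenClipboard", "GetClipboardData", "SetClipboardData",
                              "EmptyClipboard"}, 2),
    "run as other user":    ({"CreateProcessAsUserW", "CreateProcessWithLogonW",
                              "LogonUserW", "DuplicateTokenEx"}, 1),
    "privilege adjustment": ({"AdjustTokenPrivileges", "LookupPrivilegeValueW",
                              "OpenProcessToken"}, 2),
    "registry write":       ({"RegSetValueExW", "RegCreateKeyExW", "RegDeleteValueW",
                              "RegDeleteKeyW"}, 1),
    "shutdown / reboot":    ({"ExitWindowsEx", "InitiateSystemShutdownExW"}, 1),
    # Winsock listener APIs: not in the constructed subset, so this rule stays quiet.
    "socket listener":      ({"bind", "listen", "accept"}, 2),
}


def parse_imports(text):
    """Return {dll (lower-case): set of function names} from 'DLL: a, b' lines."""
    imports = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        dll, _, funcs = line.partition(":")
        names = {f.strip() for f in funcs.split(",") if f.strip()}
        imports.setdefault(dll.strip().lower(), set()).update(names)
    return imports


def capabilities(imports):
    """Return {capability: sorted list of matched APIs} for every rule that fires."""
    all_funcs = set().union(*imports.values())
    found = {}
    for name, (apis, min_hits) in CAPABILITY_RULES.items():
        hits = sorted(apis & all_funcs)
        if len(hits) >= min_hits:
            found[name] = hits
    return found


if __name__ == "__main__":
    for cap, apis in capabilities(parse_imports(SAMPLE_IMPORTS)).items():
        print(f"{cap:22s} <- {', '.join(apis)}")
```

An import-based verdict states what the binary could do, not what it did: a scripting-language runtime or a GUI framework imports most of these APIs no matter what the program built on it does, which is why the network and process sections of a report carry more weight than the import table alone.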
Language of compilation system | Country where language is spoken
English | Great Britain
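The packet table that follows lists every TCP segment the analysis VM exchanged, one row per packet, which makes it hard to see how many connections were opened to each destination. The script below, an added example that is not part of the report, folds the rows into one record per client-side connection and counts connections per destination. The local address and the row layout are assumptions, and the embedded rows are a constructed subset of the packet table.

```python
"""Summarise a per-packet sandbox traffic table into TCP flows.

Added example (not part of the Joe Sandbox report). Rows are keyed on the
analysis VM's ephemeral port so both directions of a connection land in one
record; first/last timestamps give each connection's duration.
"""
from collections import OrderedDict
from datetime import datetime

LOCAL_IP = "192.168.2.4"   # assumption: the analysis VM's address in this table

# Constructed input: a subset of rows from the packet table, in the assumed
# "timestamp | source port | dest port | source IP | dest IP" layout.
SAMPLE_ROWS = """\
Oct 27, 2024 07:28:21.718990088 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:21.719063997 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Oct 27, 2024 07:28:21.723829031 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:26.169655085 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:26.175151110 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:26.192708969 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.963449955 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.963469982 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
"""


def parse_timestamp(s):
    """Parse 'Oct 27, 2024 07:28:21.718990088 CET' to a naive datetime.

    The zone suffix is dropped (every row of one report shares it) and the
    fraction is cut to six digits because %f accepts at most microseconds."""
    date, clock, _zone = s.rsplit(" ", 2)
    secs, _, frac = clock.partition(".")
    return datetime.strptime(f"{date} {secs}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text):
    """Yield (ts, sport, dport, sip, dip); header and blank lines are skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 5 or not cells[1].isdigit():
            continue
        ts, sport, dport, sip, dip = cells
        yield parse_timestamp(ts), int(sport), int(dport), sip, dip


def summarise_flows(text, local_ip=LOCAL_IP):
    """Return {(local_port, remote_ip, remote_port): stats} in first-seen order."""
    flows = OrderedDict()
    for ts, sport, dport, sip, dip in parse_rows(text):
        if sip == local_ip:
            key, direction = (sport, dip, dport), "out"
        elif dip == local_ip:
            key, direction = (dport, sip, sport), "in"
        else:
            continue  # neither endpoint is the analysis VM: not this host's traffic
        rec = flows.setdefault(key, {"out": 0, "in": 0, "first": ts, "last": ts})
        rec[direction] += 1
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    return flows


def destinations(flows):
    """Return {(remote_ip, remote_port): number of connections opened to it}."""
    counts = {}
    for (_lport, rip, rport) in flows:
        counts[(rip, rport)] = counts.get((rip, rport), 0) + 1
    return counts


if __name__ == "__main__":
    flows = summarise_flows(SAMPLE_ROWS)
    for (lport, rip, rport), rec in flows.items():
        dur = (rec["last"] - rec["first"]).total_seconds()
        print(f"{lport} -> {rip}:{rport}  out={rec['out']} in={rec['in']}  {dur:.3f}s")
    for (rip, rport), n in destinations(flows).items():
        print(f"{rip}:{rport}  {n} connection(s)")
```

Run over the whole table, the per-destination count is the number to compare against the report's domain and DNS sections: several short connections to the same address in quick succession is what a browser-style fetch of a page and its sub-resources looks like, while a single long-lived flow with traffic in both directions is what a beaconing channel looks like.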
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 27, 2024 07:28:21.718990088 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:21.719063997 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Oct 27, 2024 07:28:21.723829031 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:21.729676962 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:21.729718924 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Oct 27, 2024 07:28:22.363285065 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Oct 27, 2024 07:28:22.374320984 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:22.385379076 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:22.385428905 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Oct 27, 2024 07:28:22.385507107 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:22.386145115 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Oct 27, 2024 07:28:22.390064955 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Oct 27, 2024 07:28:26.169655085 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:26.175151110 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:26.175379038 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:26.175620079 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:26.180951118 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:26.192708969 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.192737103 CET | 443 | 49740 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:26.193579912 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.195550919 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.195568085 CET | 443 | 49740 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:26.785321951 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:26.839248896 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:26.963449955 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.963469982 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:26.970837116 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.973267078 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:26.973282099 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.071638107 CET | 443 | 49740 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.071794033 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.072628021 CET | 443 | 49740 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.073239088 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.078798056 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.078803062 CET | 443 | 49740 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.078927994 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.079113960 CET | 443 | 49740 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.079226971 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.273242950 CET | 49743 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:27.278925896 CET | 80 | 49743 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:27.279767990 CET | 49743 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:27.279809952 CET | 49743 | 80 | 192.168.2.4 | 34.107.221.82
Oct 27, 2024 07:28:27.285640001 CET | 80 | 49743 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:27.356050968 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.356121063 CET | 443 | 49744 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.356338024 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.358535051 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.358573914 CET | 443 | 49744 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.365315914 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:27.365339041 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:27.372138977 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:27.372421026 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:27.372473001 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:27.406573057 CET | 49746 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.406598091 CET | 443 | 49746 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.409785986 CET | 49746 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.415579081 CET | 49746 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.415606976 CET | 443 | 49746 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.451101065 CET | 49747 | 443 | 192.168.2.4 | 34.160.144.191
Oct 27, 2024 07:28:27.451150894 CET | 443 | 49747 | 34.160.144.191 | 192.168.2.4
Oct 27, 2024 07:28:27.452907085 CET | 49747 | 443 | 192.168.2.4 | 34.160.144.191
Oct 27, 2024 07:28:27.453078985 CET | 49747 | 443 | 192.168.2.4 | 34.160.144.191
Oct 27, 2024 07:28:27.453094006 CET | 443 | 49747 | 34.160.144.191 | 192.168.2.4
Oct 27, 2024 07:28:27.843537092 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.843554974 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.843630075 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.844551086 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.844641924 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.858524084 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.858544111 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.858701944 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.859152079 CET | 443 | 49742 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.859226942 CET | 49748 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.859266043 CET | 443 | 49748 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.860745907 CET | 49742 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.860800982 CET | 49748 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.862921953 CET | 49748 | 443 | 192.168.2.4 | 142.250.185.174
Oct 27, 2024 07:28:27.862936974 CET | 443 | 49748 | 142.250.185.174 | 192.168.2.4
Oct 27, 2024 07:28:27.882883072 CET | 80 | 49743 | 34.107.221.82 | 192.168.2.4
Oct 27, 2024 07:28:27.987613916 CET | 443 | 49744 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.987730026 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.990726948 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:27.990740061 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:27.990974903 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:27.995337009 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:27.995358944 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:27.995635033 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:27.999588966 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.999619007 CET | 443 | 49744 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.999782085 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:27.999911070 CET | 443 | 49744 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:27.999933958 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:28.000056982 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:28.000082016 CET | 443 | 49745 | 35.244.181.201 | 192.168.2.4
Oct 27, 2024 07:28:28.000462055 CET | 49749 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:28.000511885 CET | 443 | 49749 | 34.117.188.166 | 192.168.2.4
Oct 27, 2024 07:28:28.000554085 CET | 49744 | 443 | 192.168.2.4 | 34.117.188.166
Oct 27, 2024 07:28:28.000576019 CET | 49745 | 443 | 192.168.2.4 | 35.244.181.201
Oct 27, 2024 07:28:28.000741959 CET | 49749 | 443 | 192.168.2.4 | 34.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.002630949 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.002650976 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.011575937 CET4974380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.065356970 CET4434974734.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.065465927 CET49747443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.069489956 CET4434974634.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.070149899 CET49747443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.070162058 CET4434974734.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.070509911 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.070599079 CET4434974734.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.076807022 CET49747443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.076953888 CET49747443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.076989889 CET4434974734.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.077430964 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.077474117 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.078648090 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.078663111 CET4434974634.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.078752995 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.078950882 CET4434974634.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.079210997 CET49747443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.079276085 CET49746443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.079301119 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.079612970 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.079693079 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.119667053 CET4974380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.119760036 CET4973980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.125900984 CET804974334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.125916004 CET804973934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.126703978 CET4974380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.126707077 CET4973980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.274456024 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.274502039 CET4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.287497044 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.289690971 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.289707899 CET4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.630321980 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.631099939 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.679003000 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.679037094 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.679269075 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.679742098 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.679939032 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.720038891 CET44349748142.250.185.174192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.721050978 CET44349748142.250.185.174192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.724230051 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.731262922 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.731266022 CET49748443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.731285095 CET44349748142.250.185.174192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.743798018 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.743839979 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.744694948 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747057915 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747154951 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747291088 CET49748443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747308016 CET44349748142.250.185.174192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747394085 CET49748443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747500896 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747541904 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747586966 CET44349748142.250.185.174192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747688055 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.747703075 CET49748443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.902595997 CET4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.902611017 CET4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.903302908 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.909643888 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.909660101 CET4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.909800053 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.909825087 CET4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.910320997 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.910423994 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.910465002 CET49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.913475990 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.921328068 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:28.921375990 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.263675928 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.269074917 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.270395994 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.270534039 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.278301954 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.544857979 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.544955969 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.549860001 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.549871922 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.549971104 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.550101042 CET4434975234.117.188.166192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.550196886 CET49752443192.168.2.434.117.188.166
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.895798922 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.943304062 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.598304987 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.598911047 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.603743076 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:43.934268951 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:43.934284925 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.033444881 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.046431065 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.046454906 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.046672106 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.046693087 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.048666954 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.048930883 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.048933029 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.048984051 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.049153090 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.049196005 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.051327944 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.056646109 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.083934069 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.177887917 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.230808973 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.551153898 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.551264048 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.556670904 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.556684971 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.556863070 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.556953907 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.558142900 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.559974909 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.565267086 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.670435905 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.673475981 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.676826000 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.676836014 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.677082062 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.679680109 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.679889917 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.680073977 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.680490017 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.680532932 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.680694103 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.683394909 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.683402061 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.684179068 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.686392069 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.686499119 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.686774015 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.687004089 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.690581083 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.693950891 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.699412107 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.732273102 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.820276976 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.870434046 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.165806055 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.165818930 CET4434977135.244.181.201192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.168642044 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.168920040 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.168946028 CET4434977135.244.181.201192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.189273119 CET49772443192.168.2.434.149.100.209
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.189289093 CET4434977234.149.100.209192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.191176891 CET49772443192.168.2.434.149.100.209
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.191298008 CET49772443192.168.2.434.149.100.209
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.191314936 CET4434977234.149.100.209192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.194540977 CET49773443192.168.2.435.190.72.216
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.194561005 CET4434977335.190.72.216192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.201281071 CET49773443192.168.2.435.190.72.216
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.205683947 CET49773443192.168.2.435.190.72.216
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.205696106 CET4434977335.190.72.216192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.206090927 CET49774443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.206166983 CET44349774151.101.65.91192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.206199884 CET49775443192.168.2.435.201.103.21
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.206208944 CET4434977535.201.103.21192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.208013058 CET49774443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.208090067 CET49775443192.168.2.435.201.103.21
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.208142042 CET49774443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.208163023 CET44349774151.101.65.91192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.209582090 CET49775443192.168.2.435.201.103.21
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.209597111 CET4434977535.201.103.21192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.681214094 CET49776443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.681226015 CET4434977634.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.681615114 CET49776443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.683056116 CET49776443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.683068991 CET4434977634.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.783776999 CET4434977135.244.181.201192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.783885002 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.787380934 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.787395954 CET4434977135.244.181.201192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.787754059 CET4434977135.244.181.201192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.790273905 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.790352106 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.790535927 CET4434977135.244.181.201192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.790600061 CET49771443192.168.2.435.244.181.201
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.794011116 CET4975380192.168.2.434.107.221.82
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Oct 27, 2024 07:28:50.799474955 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:50.800816059 CET  443          49772      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:50.800934076 CET  49772        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.804044962 CET  49772        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.804095030 CET  443          49772      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:50.804410934 CET  443          49772      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:50.806605101 CET  49772        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.806736946 CET  49772        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.806775093 CET  443          49772      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:50.807154894 CET  49772        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.823594093 CET  443          49773      35.190.72.216    192.168.2.4
Oct 27, 2024 07:28:50.823613882 CET  443          49773      35.190.72.216    192.168.2.4
Oct 27, 2024 07:28:50.823676109 CET  49773        443        192.168.2.4      35.190.72.216
Oct 27, 2024 07:28:50.828296900 CET  443          49774      151.101.65.91    192.168.2.4
Oct 27, 2024 07:28:50.828396082 CET  49773        443        192.168.2.4      35.190.72.216
Oct 27, 2024 07:28:50.828421116 CET  443          49773      35.190.72.216    192.168.2.4
Oct 27, 2024 07:28:50.828450918 CET  49773        443        192.168.2.4      35.190.72.216
Oct 27, 2024 07:28:50.828608036 CET  443          49773      35.190.72.216    192.168.2.4
Oct 27, 2024 07:28:50.829040051 CET  49773        443        192.168.2.4      35.190.72.216
Oct 27, 2024 07:28:50.829040051 CET  49774        443        192.168.2.4      151.101.65.91
Oct 27, 2024 07:28:50.831801891 CET  49774        443        192.168.2.4      151.101.65.91
Oct 27, 2024 07:28:50.831810951 CET  443          49774      151.101.65.91    192.168.2.4
Oct 27, 2024 07:28:50.832194090 CET  443          49774      151.101.65.91    192.168.2.4
Oct 27, 2024 07:28:50.832571983 CET  443          49775      35.201.103.21    192.168.2.4
Oct 27, 2024 07:28:50.832648039 CET  49775        443        192.168.2.4      35.201.103.21
Oct 27, 2024 07:28:50.836225033 CET  49774        443        192.168.2.4      151.101.65.91
Oct 27, 2024 07:28:50.836314917 CET  49774        443        192.168.2.4      151.101.65.91
Oct 27, 2024 07:28:50.836462021 CET  443          49774      151.101.65.91    192.168.2.4
Oct 27, 2024 07:28:50.836808920 CET  49774        443        192.168.2.4      151.101.65.91
Oct 27, 2024 07:28:50.837682009 CET  49775        443        192.168.2.4      35.201.103.21
Oct 27, 2024 07:28:50.837688923 CET  443          49775      35.201.103.21    192.168.2.4
Oct 27, 2024 07:28:50.837759972 CET  49775        443        192.168.2.4      35.201.103.21
Oct 27, 2024 07:28:50.837935925 CET  443          49775      35.201.103.21    192.168.2.4
Oct 27, 2024 07:28:50.843914032 CET  49775        443        192.168.2.4      35.201.103.21
Oct 27, 2024 07:28:50.846374989 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.846389055 CET  443          49777      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:50.846626997 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.846740007 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.846749067 CET  443          49777      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:50.852168083 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.852180958 CET  443          49778      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:50.852984905 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.853008986 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.853038073 CET  443          49779      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:50.853040934 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.853096008 CET  443          49778      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:50.853329897 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.853389978 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:50.853394985 CET  443          49779      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:50.857405901 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.857414961 CET  443          49780      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:50.857533932 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.857661009 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:50.857676983 CET  443          49780      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:50.924565077 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:50.929570913 CET  49759        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:50.935308933 CET  80           49759      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:50.974845886 CET  49753        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.055958986 CET  80           49759      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.106401920 CET  49759        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.291137934 CET  443          49776      34.107.243.93    192.168.2.4
Oct 27, 2024 07:28:51.291275978 CET  49776        443        192.168.2.4      34.107.243.93
Oct 27, 2024 07:28:51.297439098 CET  49776        443        192.168.2.4      34.107.243.93
Oct 27, 2024 07:28:51.297439098 CET  49776        443        192.168.2.4      34.107.243.93
Oct 27, 2024 07:28:51.297461987 CET  443          49776      34.107.243.93    192.168.2.4
Oct 27, 2024 07:28:51.297708988 CET  443          49776      34.107.243.93    192.168.2.4
Oct 27, 2024 07:28:51.297794104 CET  49776        443        192.168.2.4      34.107.243.93
Oct 27, 2024 07:28:51.300422907 CET  49753        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.305768013 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.431063890 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.434789896 CET  49759        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.440150023 CET  80           49759      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.447737932 CET  443          49777      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.447855949 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.451001883 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.451014042 CET  443          49777      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.451371908 CET  443          49777      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.452662945 CET  443          49779      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.452750921 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.455131054 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.455142021 CET  443          49779      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.455492973 CET  443          49779      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.456059933 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.456147909 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.456326962 CET  443          49777      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.458641052 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.458679914 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.458810091 CET  443          49779      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.461529970 CET  443          49780      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:51.462201118 CET  443          49778      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.464991093 CET  49753        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.465061903 CET  49777        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.465061903 CET  49779        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.465353966 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:51.465522051 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.466347933 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:51.466370106 CET  443          49780      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:51.467417955 CET  443          49780      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:51.470308065 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.470505953 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.470591068 CET  443          49778      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.471009970 CET  443          49778      35.244.181.201   192.168.2.4
Oct 27, 2024 07:28:51.472953081 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:51.472995996 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:51.473409891 CET  443          49780      34.149.100.209   192.168.2.4
Oct 27, 2024 07:28:51.473469019 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.473469019 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.473562002 CET  49780        443        192.168.2.4      34.149.100.209
Oct 27, 2024 07:28:51.473587990 CET  49778        443        192.168.2.4      35.244.181.201
Oct 27, 2024 07:28:51.561871052 CET  80           49759      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.595792055 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.598958015 CET  49759        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.604404926 CET  80           49759      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.639132023 CET  49753        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:51.725107908 CET  80           49759      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:51.777228117 CET  49759        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:58.843609095 CET  49753        80         192.168.2.4      34.107.221.82
Oct 27, 2024 07:28:59.069490910 CET  80           49753      34.107.221.82    192.168.2.4
Oct 27, 2024 07:28:59.194645882 CET  80           49753      34.107.221.82    192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:59.198298931 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:59.203790903 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:59.244242907 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:59.325532913 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:59.376497030 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:09.203813076 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:09.209186077 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:09.335377932 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:09.340835094 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.126950026 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.126970053 CET4434983034.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.127115965 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.128724098 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.128741026 CET4434983034.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.742239952 CET4434983034.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.742316961 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.747157097 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.747164011 CET4434983034.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.747257948 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.747356892 CET4434983034.107.243.93192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.748269081 CET49830443192.168.2.434.107.243.93
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.750042915 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.755506992 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.881683111 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.885284901 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.890645027 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.930080891 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:13.139952898 CET804975934.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:13.140010118 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:13.140889883 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:13.184053898 CET4975980192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.027283907 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.027292013 CET4434987434.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.027456045 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.027473927 CET4434987534.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.029794931 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.029966116 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.029968023 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.029978991 CET4434987434.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.030184031 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.030201912 CET4434987534.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.030493975 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.030503035 CET4434987634.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.035234928 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.035427094 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.035440922 CET4434987634.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.631685972 CET4434987434.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.634006023 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.638199091 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.638206959 CET4434987434.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.638550043 CET4434987434.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.641938925 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.641938925 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.642127037 CET4434987434.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.642443895 CET49874443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.644671917 CET4434987534.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.645795107 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.649719000 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.649744034 CET4434987534.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.650053024 CET4434987534.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.652162075 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.652188063 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.652314901 CET4434987534.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.652566910 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.652566910 CET49875443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.671302080 CET4434987634.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.671509981 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.675471067 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.675478935 CET4434987634.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.675805092 CET4434987634.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.678193092 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.678297043 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.678381920 CET4434987634.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.678921938 CET49876443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.709819078 CET4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.711507082 CET49880443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.711530924 CET4434988034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.715203047 CET804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.719798088 CET49880443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.719932079 CET49880443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.719948053 CET4434988034.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.761981964 CET49881443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.761995077 CET4434988134.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.762116909 CET49882443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.762131929 CET4434988234.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.762219906 CET49883443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.762234926 CET4434988334.120.208.123192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.765012980 CET49881443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.765230894 CET49882443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.765232086 CET49881443192.168.2.434.120.208.123
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:20.765232086 CET49883443192.168.2.434.120.208.123
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.262219906 CET5886553192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.341206074 CET6430153192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.348649979 CET53643011.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.356816053 CET6275353192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.364125967 CET53627531.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.365658045 CET6187353192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.373565912 CET53618731.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.375286102 CET5696853192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.380928993 CET5095653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.382498026 CET53569681.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.388674021 CET53509561.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.396774054 CET5595853192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.404382944 CET53559581.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.407141924 CET5667553192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.415245056 CET53566751.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.417061090 CET6454653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.425013065 CET53645461.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.433715105 CET5234453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.441060066 CET53523441.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.451998949 CET5430953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.460480928 CET53543091.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.461138010 CET5114053192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.468827009 CET53511401.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.260929108 CET5520453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.263385057 CET6056853192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.305529118 CET53635951.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.386495113 CET5893253192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.394315958 CET53589321.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.397892952 CET6400153192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.405155897 CET53640011.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.405810118 CET5525253192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.413233042 CET53552521.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.703948021 CET5524653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.711471081 CET53552461.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.715142965 CET5049053192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.723336935 CET53504901.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.724370003 CET6093953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.732817888 CET53609391.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:39.279830933 CET6015953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:39.287950993 CET53601591.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.566967964 CET5109653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.574284077 CET53510961.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.577080965 CET5342653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.585366011 CET53534261.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.682445049 CET6072453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.689791918 CET53607241.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.988514900 CET5684453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.995712042 CET53568441.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.997292995 CET5701453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.005151033 CET53570141.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.009423018 CET4958253192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.016617060 CET53495821.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.699631929 CET5745553192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.699681044 CET5423953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.699978113 CET6296653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707022905 CET53629661.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707060099 CET53574551.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET53542391.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.709054947 CET6467353192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.709377050 CET6501153192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.710797071 CET5009453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.716667891 CET53646731.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.716754913 CET53650111.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET53500941.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718763113 CET5319653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718763113 CET5701253192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.719315052 CET6337953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.725991964 CET53570121.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.726421118 CET53531961.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.726596117 CET53633791.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.726838112 CET5670553192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.727282047 CET5284953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.734181881 CET53567051.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.734657049 CET53528491.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.734841108 CET6352753192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.735517979 CET5627453192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.742645025 CET53562741.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.742675066 CET53635271.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.743192911 CET5770653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.743508101 CET5473253192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.751142979 CET53577061.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.751635075 CET53547321.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.167361975 CET5833353192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.176542044 CET53583331.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.185900927 CET5359653192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.194947958 CET5170553192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.196571112 CET53535961.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.202507973 CET5705253192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.202516079 CET53517051.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.207325935 CET6391853192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.211113930 CET53570521.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.213778019 CET6033953192.168.2.41.1.1.1
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.215020895 CET53639181.1.1.1192.168.2.4
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.222186089 CET53603391.1.1.1192.168.2.4
Oct 27, 2024 07:28:50.224623919 CET | 59446 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:28:50.231985092 CET | 53 | 59446 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:28:50.680111885 CET | 64057 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:28:50.687392950 CET | 53 | 64057 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:28:50.688582897 CET | 56875 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:28:50.696453094 CET | 53 | 56875 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:29:12.118652105 CET | 64772 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:12.125952959 CET | 53 | 64772 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:29:12.126842022 CET | 52164 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:12.134443045 CET | 53 | 52164 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:29:12.750289917 CET | 49927 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:20.059968948 CET | 52046 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:20.067653894 CET | 53 | 52046 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:29:52.753699064 CET | 60333 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:52.761430979 CET | 53 | 60333 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:29:52.762557983 CET | 58972 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:52.769968033 CET | 53 | 58972 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 07:29:53.383131027 CET | 59651 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 07:29:53.392029047 CET | 53 | 59651 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 27, 2024 07:28:21.719727993 CET | 192.168.2.4 | 1.1.1.1 | 0xb1ec | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:21.728611946 CET | 192.168.2.4 | 1.1.1.1 | 0x6f6 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:24.172732115 CET | 192.168.2.4 | 1.1.1.1 | 0x634b | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:24.206489086 CET | 192.168.2.4 | 1.1.1.1 | 0xdcae | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:24.223434925 CET | 192.168.2.4 | 1.1.1.1 | 0x8b49 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:26.184448004 CET | 192.168.2.4 | 1.1.1.1 | 0x9d31 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.193475008 CET | 192.168.2.4 | 1.1.1.1 | 0x449f | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.202243090 CET | 192.168.2.4 | 1.1.1.1 | 0x1f79 | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:26.970210075 CET | 192.168.2.4 | 1.1.1.1 | 0xc157 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.985461950 CET | 192.168.2.4 | 1.1.1.1 | 0xa49d | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.262219906 CET | 192.168.2.4 | 1.1.1.1 | 0xcf15 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.341206074 CET | 192.168.2.4 | 1.1.1.1 | 0xcfd1 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.356816053 CET | 192.168.2.4 | 1.1.1.1 | 0xcec0 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.365658045 CET | 192.168.2.4 | 1.1.1.1 | 0x8383 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.375286102 CET | 192.168.2.4 | 1.1.1.1 | 0x278f | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:27.380928993 CET | 192.168.2.4 | 1.1.1.1 | 0x2119 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.396774054 CET | 192.168.2.4 | 1.1.1.1 | 0xad76 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:27.407141924 CET | 192.168.2.4 | 1.1.1.1 | 0x2c1 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.417061090 CET | 192.168.2.4 | 1.1.1.1 | 0x6a06 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:27.433715105 CET | 192.168.2.4 | 1.1.1.1 | 0xe9b5 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.451998949 CET | 192.168.2.4 | 1.1.1.1 | 0xfa53 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.461138010 CET | 192.168.2.4 | 1.1.1.1 | 0x2876 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:29.260929108 CET | 192.168.2.4 | 1.1.1.1 | 0xa8fa | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:29.263385057 CET | 192.168.2.4 | 1.1.1.1 | 0x668b | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:32.386495113 CET | 192.168.2.4 | 1.1.1.1 | 0xb979 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:32.397892952 CET | 192.168.2.4 | 1.1.1.1 | 0x6591 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:32.405810118 CET | 192.168.2.4 | 1.1.1.1 | 0x7ba9 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:38.703948021 CET | 192.168.2.4 | 1.1.1.1 | 0xc20c | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:38.715142965 CET | 192.168.2.4 | 1.1.1.1 | 0xc4bb | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:38.724370003 CET | 192.168.2.4 | 1.1.1.1 | 0xb874 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:39.279830933 CET | 192.168.2.4 | 1.1.1.1 | 0xe669 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:40.566967964 CET | 192.168.2.4 | 1.1.1.1 | 0x43cf | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:40.577080965 CET | 192.168.2.4 | 1.1.1.1 | 0x41bd | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:40.682445049 CET | 192.168.2.4 | 1.1.1.1 | 0xac66 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:40.988514900 CET | 192.168.2.4 | 1.1.1.1 | 0x4524 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:40.997292995 CET | 192.168.2.4 | 1.1.1.1 | 0xce12 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:41.009423018 CET | 192.168.2.4 | 1.1.1.1 | 0x550c | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:46.699631929 CET | 192.168.2.4 | 1.1.1.1 | 0x6262 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.699681044 CET | 192.168.2.4 | 1.1.1.1 | 0xf855 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.699978113 CET | 192.168.2.4 | 1.1.1.1 | 0x95d8 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.709054947 CET | 192.168.2.4 | 1.1.1.1 | 0xb986 | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.709377050 CET | 192.168.2.4 | 1.1.1.1 | 0xe201 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.710797071 CET | 192.168.2.4 | 1.1.1.1 | 0x6938 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.718763113 CET | 192.168.2.4 | 1.1.1.1 | 0x632a | Standard query (0) | dyna.wikimedia.org | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:46.718763113 CET | 192.168.2.4 | 1.1.1.1 | 0x9669 | Standard query (0) | star-mini.c10r.facebook.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:46.719315052 CET | 192.168.2.4 | 1.1.1.1 | 0xa80 | Standard query (0) | youtube-ui.l.google.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:46.726838112 CET | 192.168.2.4 | 1.1.1.1 | 0x47e | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.727282047 CET | 192.168.2.4 | 1.1.1.1 | 0x7d43 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734841108 CET | 192.168.2.4 | 1.1.1.1 | 0x1a8e | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.735517979 CET | 192.168.2.4 | 1.1.1.1 | 0xcd1b | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.743192911 CET | 192.168.2.4 | 1.1.1.1 | 0x9e48 | Standard query (0) | twitter.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:46.743508101 CET | 192.168.2.4 | 1.1.1.1 | 0x92bb | Standard query (0) | reddit.map.fastly.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:50.167361975 CET | 192.168.2.4 | 1.1.1.1 | 0x4cf9 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:50.185900927 CET | 192.168.2.4 | 1.1.1.1 | 0x20da | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.194947958 CET | 192.168.2.4 | 1.1.1.1 | 0x301e | Standard query (0) | normandy.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.202507973 CET | 192.168.2.4 | 1.1.1.1 | 0xac8b | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.207325935 CET | 192.168.2.4 | 1.1.1.1 | 0x2336 | Standard query (0) | normandy-cdn.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.213778019 CET | 192.168.2.4 | 1.1.1.1 | 0x46f0 | Standard query (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:50.224623919 CET | 192.168.2.4 | 1.1.1.1 | 0x7e88 | Standard query (0) | normandy-cdn.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:50.680111885 CET | 192.168.2.4 | 1.1.1.1 | 0x1ad3 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.688582897 CET | 192.168.2.4 | 1.1.1.1 | 0x9cbe | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:29:12.118652105 CET | 192.168.2.4 | 1.1.1.1 | 0x5391 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:12.126842022 CET | 192.168.2.4 | 1.1.1.1 | 0xca23 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:29:12.750289917 CET | 192.168.2.4 | 1.1.1.1 | 0x3d44 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:20.059968948 CET | 192.168.2.4 | 1.1.1.1 | 0xff86 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:29:52.753699064 CET | 192.168.2.4 | 1.1.1.1 | 0xcd7 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:52.762557983 CET | 192.168.2.4 | 1.1.1.1 | 0x429 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 27, 2024 07:29:53.383131027 CET | 192.168.2.4 | 1.1.1.1 | 0xe6f5 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 27, 2024 07:28:21.714222908 CET | 1.1.1.1 | 192.168.2.4 | 0xaa3f | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:21.727731943 CET | 1.1.1.1 | 192.168.2.4 | 0xb1ec | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:24.180593014 CET | 1.1.1.1 | 192.168.2.4 | 0x634b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 27, 2024 07:28:24.180593014 CET | 1.1.1.1 | 192.168.2.4 | 0x634b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:24.215372086 CET | 1.1.1.1 | 192.168.2.4 | 0xdcae | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:24.232280970 CET | 1.1.1.1 | 192.168.2.4 | 0x8b49 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:26.191837072 CET | 1.1.1.1 | 192.168.2.4 | 0x9d31 | No error (0) | youtube.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.201299906 CET | 1.1.1.1 | 192.168.2.4 | 0x449f | No error (0) | youtube.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.209986925 CET | 1.1.1.1 | 192.168.2.4 | 0x1f79 | No error (0) | youtube.com | | | 28 | IN (0x0001) | false
Oct 27, 2024 07:28:26.978142023 CET | 1.1.1.1 | 192.168.2.4 | 0xc157 | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.993187904 CET | 1.1.1.1 | 192.168.2.4 | 0xa49d | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:26.993187904 CET | 1.1.1.1 | 192.168.2.4 | 0xa49d | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:27.270047903 CET | 1.1.1.1 | 192.168.2.4 | 0xcf15 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.270047903 CET1.1.1.1192.168.2.40xcf15No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.348649979 CET1.1.1.1192.168.2.40xcfd1No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.352648973 CET1.1.1.1192.168.2.40x97a5No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.352648973 CET1.1.1.1192.168.2.40x97a5No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.364125967 CET1.1.1.1192.168.2.40xcec0No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.373565912 CET1.1.1.1192.168.2.40x8383No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.388674021 CET1.1.1.1192.168.2.40x2119No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.388674021 CET1.1.1.1192.168.2.40x2119No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.415245056 CET1.1.1.1192.168.2.40x2c1No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.441060066 CET1.1.1.1192.168.2.40xe9b5No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.441060066 CET1.1.1.1192.168.2.40xe9b5No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.441060066 CET1.1.1.1192.168.2.40xe9b5No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.460480928 CET1.1.1.1192.168.2.40xfa53No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:27.468827009 CET1.1.1.1192.168.2.40x2876No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.268904924 CET1.1.1.1192.168.2.40xa8faNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.268904924 CET1.1.1.1192.168.2.40xa8faNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:29.271930933 CET1.1.1.1192.168.2.40x668bNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.394315958 CET1.1.1.1192.168.2.40xb979No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:32.405155897 CET1.1.1.1192.168.2.40x6591No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.711471081 CET1.1.1.1192.168.2.40xc20cNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.711471081 CET1.1.1.1192.168.2.40xc20cNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.711471081 CET1.1.1.1192.168.2.40xc20cNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:38.723336935 CET1.1.1.1192.168.2.40xc4bbNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.565418005 CET1.1.1.1192.168.2.40x99ffNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.574284077 CET1.1.1.1192.168.2.40x43cfNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.681468964 CET1.1.1.1192.168.2.40x6c4aNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.681468964 CET1.1.1.1192.168.2.40x6c4aNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.995712042 CET1.1.1.1192.168.2.40x4524No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.995712042 CET1.1.1.1192.168.2.40x4524No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.005151033 CET1.1.1.1192.168.2.40xce12No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.366738081 CET1.1.1.1192.168.2.40xf500No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707022905 CET1.1.1.1192.168.2.40x95d8No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707022905 CET1.1.1.1192.168.2.40x95d8No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707060099 CET1.1.1.1192.168.2.40x6262No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707060099 CET1.1.1.1192.168.2.40x6262No error (0)star-mini.c10r.facebook.com157.240.251.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.707864046 CET1.1.1.1192.168.2.40xf855No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.716667891 CET1.1.1.1192.168.2.40xb986No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.716754913 CET1.1.1.1192.168.2.40xe201No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.718416929 CET1.1.1.1192.168.2.40x6938No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.725991964 CET1.1.1.1192.168.2.40x9669No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:46.726421118 CET1.1.1.1192.168.2.40x632aNo error (0)dyna.wikimedia.org28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS_AA
Oct 27, 2024 07:28:46.726596117 CET | 1.1.1.1 | 192.168.2.4 | 0xa80 | No error (0) | youtube-ui.l.google.com | | | 28 (AAAA) | IN (0x0001) | false
Oct 27, 2024 07:28:46.726596117 CET | 1.1.1.1 | 192.168.2.4 | 0xa80 | No error (0) | youtube-ui.l.google.com | | | 28 (AAAA) | IN (0x0001) | false
Oct 27, 2024 07:28:46.726596117 CET | 1.1.1.1 | 192.168.2.4 | 0xa80 | No error (0) | youtube-ui.l.google.com | | | 28 (AAAA) | IN (0x0001) | false
Oct 27, 2024 07:28:46.726596117 CET | 1.1.1.1 | 192.168.2.4 | 0xa80 | No error (0) | youtube-ui.l.google.com | | | 28 (AAAA) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734181881 CET | 1.1.1.1 | 192.168.2.4 | 0x47e | No error (0) | www.reddit.com | reddit.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734181881 CET | 1.1.1.1 | 192.168.2.4 | 0x47e | No error (0) | reddit.map.fastly.net | | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734181881 CET | 1.1.1.1 | 192.168.2.4 | 0x47e | No error (0) | reddit.map.fastly.net | | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734181881 CET | 1.1.1.1 | 192.168.2.4 | 0x47e | No error (0) | reddit.map.fastly.net | | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734181881 CET | 1.1.1.1 | 192.168.2.4 | 0x47e | No error (0) | reddit.map.fastly.net | | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.734657049 CET | 1.1.1.1 | 192.168.2.4 | 0x7d43 | No error (0) | twitter.com | | 104.244.42.1 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.742645025 CET | 1.1.1.1 | 192.168.2.4 | 0xcd1b | No error (0) | twitter.com | | 104.244.42.193 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.742675066 CET | 1.1.1.1 | 192.168.2.4 | 0x1a8e | No error (0) | reddit.map.fastly.net | | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.742675066 CET | 1.1.1.1 | 192.168.2.4 | 0x1a8e | No error (0) | reddit.map.fastly.net | | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.742675066 CET | 1.1.1.1 | 192.168.2.4 | 0x1a8e | No error (0) | reddit.map.fastly.net | | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:46.742675066 CET | 1.1.1.1 | 192.168.2.4 | 0x1a8e | No error (0) | reddit.map.fastly.net | | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.196571112 CET | 1.1.1.1 | 192.168.2.4 | 0x20da | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.196571112 CET | 1.1.1.1 | 192.168.2.4 | 0x20da | No error (0) | services.addons.mozilla.org | | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.196571112 CET | 1.1.1.1 | 192.168.2.4 | 0x20da | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.196571112 CET | 1.1.1.1 | 192.168.2.4 | 0x20da | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.202516079 CET | 1.1.1.1 | 192.168.2.4 | 0x301e | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 27, 2024 07:28:50.202516079 CET | 1.1.1.1 | 192.168.2.4 | 0x301e | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.211113930 CET | 1.1.1.1 | 192.168.2.4 | 0xac8b | No error (0) | services.addons.mozilla.org | | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.211113930 CET | 1.1.1.1 | 192.168.2.4 | 0xac8b | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.211113930 CET | 1.1.1.1 | 192.168.2.4 | 0xac8b | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.211113930 CET | 1.1.1.1 | 192.168.2.4 | 0xac8b | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.215020895 CET | 1.1.1.1 | 192.168.2.4 | 0x2336 | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:50.687392950 CET | 1.1.1.1 | 192.168.2.4 | 0x1ad3 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:28:51.516128063 CET | 1.1.1.1 | 192.168.2.4 | 0xd0a4 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 27, 2024 07:28:51.516128063 CET | 1.1.1.1 | 192.168.2.4 | 0xd0a4 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 27, 2024 07:29:12.125952959 CET | 1.1.1.1 | 192.168.2.4 | 0x5391 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:12.757575035 CET | 1.1.1.1 | 192.168.2.4 | 0x3d44 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 27, 2024 07:29:12.757575035 CET | 1.1.1.1 | 192.168.2.4 | 0x3d44 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:20.034079075 CET | 1.1.1.1 | 192.168.2.4 | 0xd5bf | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:52.761430979 CET | 1.1.1.1 | 192.168.2.4 | 0xcd7 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 07:29:53.392029047 CET | 1.1.1.1 | 192.168.2.4 | 0xe6f5 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 34.107.221.82 | 80 | 6784 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 07:28:26.175620079 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 27, 2024 07:28:26.785321951 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sat, 26 Oct 2024 13:44:17 GMT
Age: 60249
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49743 | 34.107.221.82 | 80 | 6784 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 07:28:27.279809952 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:27.882883072 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64114
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


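The three sessions under detectportal.firefox.com are Firefox's own captive-portal probes, issued by firefox.exe (PID 6784), not by the sample: GET /success.txt must come back as exactly "success" plus a newline (the 0a in Data Raw that the Data Ascii rendering drops), and GET /canonical.html must carry the meta refresh to Mozilla's captive-portal KB page. Any other answer means something between the browser and Mozilla (a portal, an inspecting proxy) took over the connection. The script below is an added example for this page, not Joe Sandbox code: it parses the flattened session text exactly as copied from the report (timestamp, byte count and direction run together, heavy leading padding), attributes each exchange to the Process column so the traffic is not charged to XlKQ797V2E.exe, cross-checks Content-Length against the captured Data Raw, and re-evaluates the probes. The probe rules approximate Firefox's logic (an assumption); sessions 0 and 1 are taken from the page with headers abridged, and the third session, answered by a login page at the documentation address 192.0.2.1, is constructed to exercise the "intercepted" branch.

```python
import re
from dataclasses import dataclass, field

# Constructed input: sessions 0 and 1 from the report (headers abridged) plus a
# hypothetical session 2, NOT from the report, answered by a portal login page.
SAMPLE = r"""
Session IDSource IPSource PortDestination IPDestination PortPIDProcess
0192.168.2.44973934.107.221.82806784C:\Program Files\Mozilla Firefox\firefox.exe
Oct 27, 2024 07:28:26.175620079 CET303OUTGET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
Oct 27, 2024 07:28:26.785321951 CET298INHTTP/1.1 200 OK
Content-Length: 90
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1192.168.2.44974334.107.221.82806784C:\Program Files\Mozilla Firefox\firefox.exe
Oct 27, 2024 07:28:27.279809952 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
Oct 27, 2024 07:28:27.882883072 CET216INHTTP/1.1 200 OK
Content-Length: 8
Data Raw: 73 75 63 63 65 73 73 0a

Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2192.168.2.449999192.0.2.1806784C:\Program Files\Mozilla Firefox\firefox.exe
Oct 27, 2024 07:30:00.000000000 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
Oct 27, 2024 07:30:00.100000000 CET140INHTTP/1.1 200 OK
Content-Length: 18
Data Raw: 3c 68 74 6d 6c 3e 6c 6f 67 69 6e 3c 2f 68 74 6d 6c 3e
"""

# Timestamp, byte count, direction and data are run together in the report text.
MSG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]{3,4})"
                    r"\d+(?P<dir>IN|OUT)(?P<start>.*)$")
PROC_RE = re.compile(r"[A-Za-z]:\\.+$")   # the path is the only unambiguous column of the values row
HDR_RE = re.compile(r"^([\w-]+):\s*(.*)$")
PORTAL_HOST = "detectportal.firefox.com"
EXPECTED = {"/success.txt": b"success\n",  # Firefox compares the whole body; "Data Ascii" hides the 0a
            "/canonical.html": b"url=https://support.mozilla.org/kb/captive-portal"}


@dataclass
class Message:
    ts: str
    direction: str      # OUT = sandbox -> server, IN = server -> sandbox
    start_line: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


@dataclass
class Session:
    process: str = ""
    messages: list = field(default_factory=list)


def parse_transcript(text):
    """Flattened report text (padding and all) -> list of Session."""
    sessions, cur, msg = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:                                   # a blank line ends a session
            cur = msg = None
        elif line.startswith("Session ID"):
            cur, msg = Session(), None
            sessions.append(cur)
        elif cur is not None and not cur.process:      # values row follows the header
            m = PROC_RE.search(line)
            cur.process = m.group(0) if m else line
        elif cur is not None and (m := MSG_RE.match(line)):
            msg = Message(m["ts"], m["dir"], m["start"])
            cur.messages.append(msg)
        elif msg and line.startswith("Data Raw:"):     # authoritative body bytes
            msg.body = bytes.fromhex(line[9:].strip())
        elif msg and (h := HDR_RE.match(line)):        # "Data Ascii:" never matches here
            msg.headers[h.group(1).lower()] = h.group(2)
    return sessions


def evaluate_probe(req, resp):
    """'clear' = Mozilla's canned answer; 'intercepted' = something else answered."""
    if req.headers.get("host") != PORTAL_HOST:
        return "not-a-probe"
    path = req.start_line.split(" ")[1].split("?")[0]
    if path not in EXPECTED:
        return "unknown-probe"
    if int(resp.start_line.split(" ")[1]) != 200:
        return "intercepted"
    ok = resp.body == EXPECTED[path] if path == "/success.txt" else EXPECTED[path] in resp.body
    return "clear" if ok else "intercepted"


def triage(text):
    """One row per request/response pair: owner process, request, status, body check, verdict."""
    rows = []
    for s in parse_transcript(text):
        pending = None                                 # a reply never crosses sessions
        for m in s.messages:
            if m.direction == "OUT":
                pending = m
            elif pending is not None:
                rows.append({"process": s.process.rsplit("\\", 1)[-1],
                             "request": pending.start_line, "status": m.start_line,
                             "complete": int(m.headers.get("content-length", len(m.body))) == len(m.body),
                             "verdict": evaluate_probe(pending, m)})
                pending = None
    return rows
```

Running `triage(SAMPLE)` yields three rows, all owned by firefox.exe: the two report sessions are "clear", the constructed one is "intercepted". The "complete" flag guards against a Data Raw line that the report (or a copy-paste) truncated, which would otherwise look like a tampered body; the regex on the process path is used because the numeric columns of the values row (source port, destination port, PID) are not separable once the report has been flattened to text.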
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49753 | 34.107.221.82 | 80 | 6784 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 07:28:29.270534039 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 27, 2024 07:28:29.895798922 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sat, 26 Oct 2024 13:44:17 GMT
Age: 60252
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 27, 2024 07:28:32.598911047 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 27, 2024 07:28:32.729583025 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sat, 26 Oct 2024 13:44:17 GMT
Age: 60255
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:34.240859032 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:34.371437073 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60257
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.608248949 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.739882946 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60263
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.355525970 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.690601110 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60264
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.721812010 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60264
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:43.902952909 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.033444881 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60266
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.559974909 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.690581083 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60267
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.794011116 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.924565077 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60273
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:51.300422907 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:51.431063890 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60274
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:51.464991093 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:51.595792055 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60274
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:58.843609095 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:59.194645882 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60282
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:09.203813076 CET6OUTData Raw: 00
                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.750042915 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:12.881683111 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60295
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                              Oct 27, 2024 07:29:13.140010118 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                                              Age: 60295
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 27, 2024 07:29:20.709819078 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 27, 2024 07:29:20.840224981 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sat, 26 Oct 2024 13:44:17 GMT
Age: 60303
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 27, 2024 07:29:21.355086088 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 27, 2024 07:29:21.485666037 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sat, 26 Oct 2024 13:44:17 GMT
Age: 60304
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 27, 2024 07:29:31.489442110 CET  6  OUT  Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:41.518640995 CET  6  OUT  Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:51.547110081 CET  6  OUT  Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:53.382208109 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 27, 2024 07:29:53.512733936 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sat, 26 Oct 2024 13:44:17 GMT
Age: 60336
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 27, 2024 07:30:03.528141022 CET  6  OUT  Data Raw: 00
Data Ascii:
Oct 27, 2024 07:30:13.542253017 CET  6  OUT  Data Raw: 00
Data Ascii:


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49759        34.107.221.82   80                6784  C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp  Bytes transferred  Direction  Data
Oct 27, 2024 07:28:32.604038000 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:33.205851078 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64120
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: success
Oct 27, 2024 07:28:33.627523899 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:33.753709078 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64120
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: success
Oct 27, 2024 07:28:38.988126993 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:39.114547968 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 12:39:53 GMT
                                                                                                                                                                                                                                              Age: 64126
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:40.959562063 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:41.086287022 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 12:39:53 GMT
                                                                                                                                                                                                                                              Age: 64128
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:42.463084936 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:42.589358091 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 12:39:53 GMT
                                                                                                                                                                                                                                              Age: 64129
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.051327944 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.177887917 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 12:39:53 GMT
                                                                                                                                                                                                                                              Age: 64131
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.693950891 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:44.820276976 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 12:39:53 GMT
                                                                                                                                                                                                                                              Age: 64131
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:50.929570913 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:51.055958986 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                              Date: Sat, 26 Oct 2024 12:39:53 GMT
                                                                                                                                                                                                                                              Age: 64137
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:28:51.434789896 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                              Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:51.561871052 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64138
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 27, 2024 07:28:51.598958015 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:51.725107908 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64138
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 27, 2024 07:28:59.198298931 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:28:59.325532913 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64146
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 27, 2024 07:29:09.335377932 CET 6 OUT Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:12.885284901 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:29:13.139952898 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64159
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 27, 2024 07:29:20.897008896 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:29:21.023127079 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64167
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 27, 2024 07:29:21.488802910 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:29:21.614976883 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64168
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 27, 2024 07:29:31.620964050 CET 6 OUT Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:41.634540081 CET 6 OUT Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:51.647084951 CET 6 OUT Data Raw: 00
Data Ascii:
Oct 27, 2024 07:29:53.518156052 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 27, 2024 07:29:53.644171000 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 26 Oct 2024 12:39:53 GMT
Age: 64200
                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                              Oct 27, 2024 07:30:03.659699917 CET6OUTData Raw: 00
                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                              Oct 27, 2024 07:30:13.673917055 CET6OUTData Raw: 00
                                                                                                                                                                                                                                              Data Ascii:


Target ID: 0
Start time: 02:28:12
Start date: 27/10/2024
Path: C:\Users\user\Desktop\XlKQ797V2E.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\XlKQ797V2E.exe"
Imagebase: 0x740000
File size: 919'552 bytes
MD5 hash: 8D1D2122C8A31716BAF394BB1E4C6F28
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 02:28:13
Start date: 27/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0xf60000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 2
Start time: 02:28:13
Start date: 27/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 02:28:15
Start date: 27/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0xf60000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 02:28:15
Start date: 27/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 02:28:16
Start date: 27/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM msedge.exe /T
Imagebase: 0xf60000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 02:28:16
Start date: 27/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 7
Start time: 02:28:16
Start date: 27/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM opera.exe /T
Imagebase: 0xf60000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                              Start time:02:28:16
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                              Start time:02:28:16
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                              Imagebase:0xf60000
                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                              Start time:02:28:16
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                              Start time:02:28:16
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                              Start time:02:28:16
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                              Start time:02:28:17
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                              Start time:02:28:18
                                                                                                                                                                                                                                              Start date:27/10/2024
                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad9adf17-56b2-4622-b491-11a7d2cd79cf} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21561170d10 socket
                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                              Start time:02:28:20
                                                                                                                                                                                                                                              Start date:27/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec8f862-863b-4d27-96b4-2cc2a1669711} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21561142f10 rdd
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:02:28:39
Start date:27/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5380 -prefMapHandle 1548 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df6a430d-a2ca-4a6c-a2af-9981d1b358b2} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" 21572a49910 utility
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:2.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.6%
Total number of Nodes:1550
Total number of Limit Nodes:48
94981->94982 94983 7d2af3 94982->94983 94984 7d2b1d 94983->94984 94985 7d2aff 94983->94985 94986 746b57 22 API calls 94984->94986 94987 747510 53 API calls 94985->94987 94989 7d2b1b 94986->94989 94988 7d2b0c 94987->94988 94988->94989 94991 74a8c7 22 API calls __fread_nolock 94988->94991 94989->94897 94991->94989 94993 7adbdc GetFileAttributesW 94992->94993 94994 7adc06 94992->94994 94993->94994 94995 7adbe8 FindFirstFileW 94993->94995 94994->94902 94995->94994 94996 7adbf9 FindClose 94995->94996 94996->94994 94998 7cb01d ___scrt_fastfail 94997->94998 94999 7cb058 94998->94999 95000 7cb094 94998->95000 95001 74b567 39 API calls 94999->95001 95004 74b567 39 API calls 95000->95004 95006 7cb08b 95000->95006 95002 7cb063 95001->95002 95002->95006 95010 74b567 39 API calls 95002->95010 95003 7cb0ed 95007 747510 53 API calls 95003->95007 95005 7cb0a5 95004->95005 95009 74b567 39 API calls 95005->95009 95006->95003 95011 74b567 39 API calls 95006->95011 95008 7cb10b 95007->95008 95088 747620 95008->95088 95009->95006 95013 7cb078 95010->95013 95011->95003 95015 74b567 39 API calls 95013->95015 95014 7cb115 95016 7cb11f 95014->95016 95017 7cb1d8 95014->95017 95015->95006 95018 747510 53 API calls 95016->95018 95019 7cb20a GetCurrentDirectoryW 95017->95019 95022 747510 53 API calls 95017->95022 95020 7cb130 95018->95020 95021 75fe0b 22 API calls 95019->95021 95023 747620 22 API calls 95020->95023 95024 7cb22f GetCurrentDirectoryW 95021->95024 95025 7cb1ef 95022->95025 95026 7cb13a 95023->95026 95027 7cb23c 95024->95027 95028 747620 22 API calls 95025->95028 95030 747510 53 API calls 95026->95030 95032 7cb275 95027->95032 95095 749c6e 22 API calls 95027->95095 95029 7cb1f9 _wcslen 95028->95029 95029->95019 95029->95032 95031 7cb14b 95030->95031 95033 747620 22 API calls 95031->95033 95037 7cb28b 95032->95037 95038 7cb287 95032->95038 95035 7cb155 95033->95035 95039 747510 53 API calls 95035->95039 95036 7cb255 95096 749c6e 22 API calls 95036->95096 95098 7b07c0 10 API calls 
95037->95098 95045 7cb2f8 95038->95045 95046 7cb39a CreateProcessW 95038->95046 95042 7cb166 95039->95042 95047 747620 22 API calls 95042->95047 95043 7cb265 95097 749c6e 22 API calls 95043->95097 95044 7cb294 95099 7b06e6 10 API calls 95044->95099 95101 7a11c8 39 API calls 95045->95101 95067 7cb32f _wcslen 95046->95067 95051 7cb170 95047->95051 95052 7cb1a6 GetSystemDirectoryW 95051->95052 95055 747510 53 API calls 95051->95055 95057 75fe0b 22 API calls 95052->95057 95053 7cb2aa 95100 7b05a7 8 API calls 95053->95100 95054 7cb2fd 95058 7cb32a 95054->95058 95059 7cb323 95054->95059 95061 7cb187 95055->95061 95064 7cb1cb GetSystemDirectoryW 95057->95064 95103 7a14ce 6 API calls 95058->95103 95102 7a1201 128 API calls 2 library calls 95059->95102 95066 747620 22 API calls 95061->95066 95063 7cb2d0 95063->95038 95064->95027 95065 7cb328 95065->95067 95068 7cb191 _wcslen 95066->95068 95069 7cb42f CloseHandle 95067->95069 95070 7cb3d6 GetLastError 95067->95070 95068->95027 95068->95052 95071 7cb43f 95069->95071 95087 7cb49a 95069->95087 95080 7cb41a 95070->95080 95073 7cb446 CloseHandle 95071->95073 95074 7cb451 95071->95074 95073->95074 95076 7cb458 CloseHandle 95074->95076 95077 7cb463 95074->95077 95075 7cb4a6 95075->95080 95076->95077 95078 7cb46a CloseHandle 95077->95078 95079 7cb475 95077->95079 95078->95079 95104 7b09d9 34 API calls 95079->95104 95092 7b0175 95080->95092 95083 7cb4d2 CloseHandle 95083->95080 95085 7cb486 95105 7cb536 25 API calls 95085->95105 95087->95075 95087->95083 95089 74762a _wcslen 95088->95089 95090 75fe0b 22 API calls 95089->95090 95091 74763f 95090->95091 95091->95014 95106 7b030f 95092->95106 95095->95036 95096->95043 95097->95032 95098->95044 95099->95053 95100->95063 95101->95054 95102->95065 95103->95067 95104->95085 95105->95087 95107 7b0329 95106->95107 95108 7b0321 CloseHandle 95106->95108 95109 7b032e CloseHandle 95107->95109 95110 7b0336 95107->95110 95108->95107 95109->95110 95111 7b033b CloseHandle 95110->95111 95112 7b0343 
95110->95112 95111->95112 95113 7b0348 CloseHandle 95112->95113 95114 7b0350 95112->95114 95113->95114 95115 7b035d 95114->95115 95116 7b0355 CloseHandle 95114->95116 95117 7b017d 95115->95117 95118 7b0362 CloseHandle 95115->95118 95116->95115 95117->94844 95118->95117 95119->94865 95120->94865 95121 741098 95126 7442de 95121->95126 95125 7410a7 95127 74a961 22 API calls 95126->95127 95128 7442f5 GetVersionExW 95127->95128 95129 746b57 22 API calls 95128->95129 95130 744342 95129->95130 95131 7493b2 22 API calls 95130->95131 95135 744378 95130->95135 95132 74436c 95131->95132 95134 7437a0 22 API calls 95132->95134 95133 74441b GetCurrentProcess IsWow64Process 95136 744437 95133->95136 95134->95135 95135->95133 95142 7837df 95135->95142 95137 74444f LoadLibraryA 95136->95137 95138 783824 GetSystemInfo 95136->95138 95139 744460 GetProcAddress 95137->95139 95140 74449c GetSystemInfo 95137->95140 95139->95140 95143 744470 GetNativeSystemInfo 95139->95143 95141 744476 95140->95141 95144 74109d 95141->95144 95145 74447a FreeLibrary 95141->95145 95143->95141 95146 7600a3 29 API calls __onexit 95144->95146 95145->95144 95146->95125 95147 793f75 95158 75ceb1 95147->95158 95149 793f8b 95150 794006 95149->95150 95225 75e300 23 API calls 95149->95225 95167 74bf40 95150->95167 95153 793fe6 95154 794052 95153->95154 95226 7b1abf 22 API calls 95153->95226 95156 794a88 95154->95156 95227 7b359c 82 API calls __wsopen_s 95154->95227 95159 75ced2 95158->95159 95160 75cebf 95158->95160 95162 75cf05 95159->95162 95163 75ced7 95159->95163 95161 74aceb 23 API calls 95160->95161 95166 75cec9 95161->95166 95165 74aceb 23 API calls 95162->95165 95164 75fddb 22 API calls 95163->95164 95164->95166 95165->95166 95166->95149 95228 74adf0 95167->95228 95169 74bf9d 95170 74bfa9 95169->95170 95171 7904b6 95169->95171 95172 7904c6 95170->95172 95173 74c01e 95170->95173 95246 7b359c 82 API calls __wsopen_s 95171->95246 95247 7b359c 82 API calls __wsopen_s 95172->95247 95233 74ac91 95173->95233 95177 
74c603 95177->95154 95178 7a7120 22 API calls 95198 74c039 __fread_nolock messages 95178->95198 95179 74c7da 95183 75fe0b 22 API calls 95179->95183 95188 74c808 __fread_nolock 95183->95188 95185 7904f5 95189 79055a 95185->95189 95248 75d217 348 API calls 95185->95248 95194 75fe0b 22 API calls 95188->95194 95189->95177 95249 7b359c 82 API calls __wsopen_s 95189->95249 95190 74ec40 348 API calls 95190->95198 95191 75fddb 22 API calls 95191->95198 95192 74af8a 22 API calls 95192->95198 95193 79091a 95258 7b3209 23 API calls 95193->95258 95197 74c350 __fread_nolock messages 95194->95197 95211 74c3ac 95197->95211 95245 75ce17 22 API calls messages 95197->95245 95198->95177 95198->95178 95198->95179 95198->95185 95198->95188 95198->95189 95198->95190 95198->95191 95198->95192 95198->95193 95199 7908a5 95198->95199 95203 790591 95198->95203 95204 7908f6 95198->95204 95208 74c237 95198->95208 95210 74bbe0 40 API calls 95198->95210 95212 74aceb 23 API calls 95198->95212 95220 7909bf 95198->95220 95224 75fe0b 22 API calls 95198->95224 95237 74ad81 95198->95237 95251 7a7099 22 API calls __fread_nolock 95198->95251 95252 7c5745 54 API calls _wcslen 95198->95252 95253 75aa42 22 API calls messages 95198->95253 95254 7af05c 40 API calls 95198->95254 95255 74a993 41 API calls 95198->95255 95200 74ec40 348 API calls 95199->95200 95202 7908cf 95200->95202 95202->95177 95256 74a81b 41 API calls 95202->95256 95250 7b359c 82 API calls __wsopen_s 95203->95250 95257 7b359c 82 API calls __wsopen_s 95204->95257 95215 74c253 95208->95215 95259 74a8c7 22 API calls __fread_nolock 95208->95259 95210->95198 95211->95154 95212->95198 95214 790976 95217 74aceb 23 API calls 95214->95217 95215->95214 95218 74c297 messages 95215->95218 95217->95220 95219 74aceb 23 API calls 95218->95219 95218->95220 95221 74c335 95219->95221 95220->95177 95260 7b359c 82 API calls __wsopen_s 95220->95260 95221->95220 95222 74c342 95221->95222 95244 74a704 22 API calls messages 95222->95244 95224->95198 95225->95153 
95226->95150 95227->95156 95229 74ae01 95228->95229 95232 74ae1c messages 95228->95232 95230 74aec9 22 API calls 95229->95230 95231 74ae09 CharUpperBuffW 95230->95231 95231->95232 95232->95169 95234 74acae 95233->95234 95235 74acd1 95234->95235 95261 7b359c 82 API calls __wsopen_s 95234->95261 95235->95198 95238 78fadb 95237->95238 95239 74ad92 95237->95239 95240 75fddb 22 API calls 95239->95240 95241 74ad99 95240->95241 95262 74adcd 95241->95262 95244->95197 95245->95197 95246->95172 95247->95177 95248->95189 95249->95177 95250->95177 95251->95198 95252->95198 95253->95198 95254->95198 95255->95198 95256->95204 95257->95177 95258->95208 95259->95215 95260->95177 95261->95235 95266 74addd 95262->95266 95263 74adb6 95263->95198 95264 75fddb 22 API calls 95264->95266 95265 74a961 22 API calls 95265->95266 95266->95263 95266->95264 95266->95265 95268 74adcd 22 API calls 95266->95268 95269 74a8c7 22 API calls __fread_nolock 95266->95269 95268->95266 95269->95266 95270 7603fb 95271 760407 ___BuildCatchObject 95270->95271 95299 75feb1 95271->95299 95273 76040e 95274 760561 95273->95274 95277 760438 95273->95277 95329 76083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95274->95329 95276 760568 95322 764e52 95276->95322 95288 760477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95277->95288 95310 77247d 95277->95310 95284 760457 95286 7604d8 95318 760959 95286->95318 95288->95286 95325 764e1a 38 API calls 2 library calls 95288->95325 95290 7604de 95291 7604f3 95290->95291 95326 760992 GetModuleHandleW 95291->95326 95293 7604fa 95293->95276 95294 7604fe 95293->95294 95295 760507 95294->95295 95327 764df5 28 API calls _abort 95294->95327 95328 760040 13 API calls 2 library calls 95295->95328 95298 76050f 95298->95284 95300 75feba 95299->95300 95331 760698 IsProcessorFeaturePresent 95300->95331 95302 75fec6 95332 762c94 10 API calls 3 library calls 95302->95332 95304 75fecb 95309 
75fecf 95304->95309 95333 772317 95304->95333 95306 75fee6 95306->95273 95309->95273 95311 772494 95310->95311 95312 760a8c CatchGuardHandler 5 API calls 95311->95312 95313 760451 95312->95313 95313->95284 95314 772421 95313->95314 95315 772450 95314->95315 95316 760a8c CatchGuardHandler 5 API calls 95315->95316 95317 772479 95316->95317 95317->95288 95392 762340 95318->95392 95321 76097f 95321->95290 95394 764bcf 95322->95394 95325->95286 95326->95293 95327->95295 95328->95298 95329->95276 95331->95302 95332->95304 95337 77d1f6 95333->95337 95336 762cbd 8 API calls 3 library calls 95336->95309 95338 77d213 95337->95338 95341 77d20f 95337->95341 95338->95341 95343 774bfb 95338->95343 95340 75fed8 95340->95306 95340->95336 95355 760a8c 95341->95355 95344 774c07 ___BuildCatchObject 95343->95344 95362 772f5e EnterCriticalSection 95344->95362 95346 774c0e 95363 7750af 95346->95363 95348 774c1d 95354 774c2c 95348->95354 95376 774a8f 29 API calls 95348->95376 95351 774c27 95377 774b45 GetStdHandle GetFileType 95351->95377 95353 774c3d __wsopen_s 95353->95338 95378 774c48 LeaveCriticalSection _abort 95354->95378 95356 760a97 IsProcessorFeaturePresent 95355->95356 95357 760a95 95355->95357 95359 760c5d 95356->95359 95357->95340 95391 760c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95359->95391 95361 760d40 95361->95340 95362->95346 95364 7750bb ___BuildCatchObject 95363->95364 95365 7750df 95364->95365 95366 7750c8 95364->95366 95379 772f5e EnterCriticalSection 95365->95379 95387 76f2d9 20 API calls __dosmaperr 95366->95387 95369 7750cd 95388 7727ec 26 API calls pre_c_initialization 95369->95388 95371 775117 95389 77513e LeaveCriticalSection _abort 95371->95389 95372 7750d7 __wsopen_s 95372->95348 95373 7750eb 95373->95371 95380 775000 95373->95380 95376->95351 95377->95354 95378->95353 95379->95373 95381 774c7d __dosmaperr 20 API calls 95380->95381 95383 775012 95381->95383 95382 77501f 95384 7729c8 _free 20 API calls 
95382->95384 95383->95382 95390 773405 11 API calls 2 library calls 95383->95390 95385 775071 95384->95385 95385->95373 95387->95369 95388->95372 95389->95372 95390->95383 95391->95361 95393 76096c GetStartupInfoW 95392->95393 95393->95321 95395 764bdb _abort 95394->95395 95396 764bf4 95395->95396 95397 764be2 95395->95397 95418 772f5e EnterCriticalSection 95396->95418 95433 764d29 GetModuleHandleW 95397->95433 95400 764be7 95400->95396 95434 764d6d GetModuleHandleExW 95400->95434 95401 764bfb 95405 764c70 95401->95405 95417 764c99 95401->95417 95419 7721a8 95401->95419 95409 764c88 95405->95409 95413 772421 _abort 5 API calls 95405->95413 95407 764cb6 95425 764ce8 95407->95425 95408 764ce2 95442 781d29 5 API calls CatchGuardHandler 95408->95442 95414 772421 _abort 5 API calls 95409->95414 95413->95409 95414->95417 95422 764cd9 95417->95422 95418->95401 95443 771ee1 95419->95443 95462 772fa6 LeaveCriticalSection 95422->95462 95424 764cb2 95424->95407 95424->95408 95463 77360c 95425->95463 95428 764d16 95430 764d6d _abort 8 API calls 95428->95430 95429 764cf6 GetPEB 95429->95428 95431 764d06 GetCurrentProcess TerminateProcess 95429->95431 95432 764d1e ExitProcess 95430->95432 95431->95428 95433->95400 95435 764d97 GetProcAddress 95434->95435 95436 764dba 95434->95436 95437 764dac 95435->95437 95438 764dc0 FreeLibrary 95436->95438 95439 764dc9 95436->95439 95437->95436 95438->95439 95440 760a8c CatchGuardHandler 5 API calls 95439->95440 95441 764bf3 95440->95441 95441->95396 95446 771e90 95443->95446 95445 771f05 95445->95405 95447 771e9c ___BuildCatchObject 95446->95447 95454 772f5e EnterCriticalSection 95447->95454 95449 771eaa 95455 771f31 95449->95455 95453 771ec8 __wsopen_s 95453->95445 95454->95449 95458 771f59 95455->95458 95459 771f51 95455->95459 95456 760a8c CatchGuardHandler 5 API calls 95457 771eb7 95456->95457 95461 771ed5 LeaveCriticalSection _abort 95457->95461 95458->95459 95460 7729c8 _free 20 API calls 95458->95460 95459->95456 95460->95459 
95461->95453 95462->95424 95464 773627 95463->95464 95465 773631 95463->95465 95467 760a8c CatchGuardHandler 5 API calls 95464->95467 95470 772fd7 5 API calls 2 library calls 95465->95470 95468 764cf2 95467->95468 95468->95428 95468->95429 95469 773648 95469->95464 95470->95469 95471 74105b 95476 74344d 95471->95476 95473 74106a 95507 7600a3 29 API calls __onexit 95473->95507 95475 741074 95477 74345d __wsopen_s 95476->95477 95478 74a961 22 API calls 95477->95478 95479 743513 95478->95479 95480 743a5a 24 API calls 95479->95480 95481 74351c 95480->95481 95508 743357 95481->95508 95484 7433c6 22 API calls 95485 743535 95484->95485 95486 74515f 22 API calls 95485->95486 95487 743544 95486->95487 95488 74a961 22 API calls 95487->95488 95489 74354d 95488->95489 95490 74a6c3 22 API calls 95489->95490 95491 743556 RegOpenKeyExW 95490->95491 95492 783176 RegQueryValueExW 95491->95492 95496 743578 95491->95496 95493 78320c RegCloseKey 95492->95493 95494 783193 95492->95494 95493->95496 95506 78321e _wcslen 95493->95506 95495 75fe0b 22 API calls 95494->95495 95497 7831ac 95495->95497 95496->95473 95498 745722 22 API calls 95497->95498 95499 7831b7 RegQueryValueExW 95498->95499 95501 7831d4 95499->95501 95503 7831ee messages 95499->95503 95500 744c6d 22 API calls 95500->95506 95502 746b57 22 API calls 95501->95502 95502->95503 95503->95493 95504 749cb3 22 API calls 95504->95506 95505 74515f 22 API calls 95505->95506 95506->95496 95506->95500 95506->95504 95506->95505 95507->95475 95509 781f50 __wsopen_s 95508->95509 95510 743364 GetFullPathNameW 95509->95510 95511 743386 95510->95511 95512 746b57 22 API calls 95511->95512 95513 7433a4 95512->95513 95513->95484 95514 741044 95519 7410f3 95514->95519 95516 74104a 95555 7600a3 29 API calls __onexit 95516->95555 95518 741054 95556 741398 95519->95556 95523 74116a 95524 74a961 22 API calls 95523->95524 95525 741174 95524->95525 95526 74a961 22 API calls 95525->95526 95527 74117e 95526->95527 95528 74a961 22 API calls 95527->95528 
95529 741188 95528->95529 95530 74a961 22 API calls 95529->95530 95531 7411c6 95530->95531 95532 74a961 22 API calls 95531->95532 95533 741292 95532->95533 95566 74171c 95533->95566 95537 7412c4 95538 74a961 22 API calls 95537->95538 95539 7412ce 95538->95539 95540 751940 9 API calls 95539->95540 95541 7412f9 95540->95541 95587 741aab 95541->95587 95543 741315 95544 741325 GetStdHandle 95543->95544 95545 782485 95544->95545 95546 74137a 95544->95546 95545->95546 95547 78248e 95545->95547 95549 741387 OleInitialize 95546->95549 95548 75fddb 22 API calls 95547->95548 95550 782495 95548->95550 95549->95516 95594 7b011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 95550->95594 95552 78249e 95595 7b0944 CreateThread 95552->95595 95554 7824aa CloseHandle 95554->95546 95555->95518 95596 7413f1 95556->95596 95559 7413f1 22 API calls 95560 7413d0 95559->95560 95561 74a961 22 API calls 95560->95561 95562 7413dc 95561->95562 95563 746b57 22 API calls 95562->95563 95564 741129 95563->95564 95565 741bc3 6 API calls 95564->95565 95565->95523 95567 74a961 22 API calls 95566->95567 95568 74172c 95567->95568 95569 74a961 22 API calls 95568->95569 95570 741734 95569->95570 95571 74a961 22 API calls 95570->95571 95572 74174f 95571->95572 95573 75fddb 22 API calls 95572->95573 95574 74129c 95573->95574 95575 741b4a 95574->95575 95576 741b58 95575->95576 95577 74a961 22 API calls 95576->95577 95578 741b63 95577->95578 95579 74a961 22 API calls 95578->95579 95580 741b6e 95579->95580 95581 74a961 22 API calls 95580->95581 95582 741b79 95581->95582 95583 74a961 22 API calls 95582->95583 95584 741b84 95583->95584 95585 75fddb 22 API calls 95584->95585 95586 741b96 RegisterWindowMessageW 95585->95586 95586->95537 95588 78272d 95587->95588 95589 741abb 95587->95589 95603 7b3209 23 API calls 95588->95603 95590 75fddb 22 API calls 95589->95590 95593 741ac3 95590->95593 95592 782738 95593->95543 95594->95552 95595->95554 95604 
7b092a 28 API calls 95595->95604 95597 74a961 22 API calls 95596->95597 95598 7413fc 95597->95598 95599 74a961 22 API calls 95598->95599 95600 741404 95599->95600 95601 74a961 22 API calls 95600->95601 95602 7413c6 95601->95602 95602->95559 95603->95592 95605 778402 95610 7781be 95605->95610 95609 77842a 95615 7781ef try_get_first_available_module 95610->95615 95612 7783ee 95629 7727ec 26 API calls pre_c_initialization 95612->95629 95614 778343 95614->95609 95622 780984 95614->95622 95621 778338 95615->95621 95625 768e0b 40 API calls 2 library calls 95615->95625 95617 77838c 95617->95621 95626 768e0b 40 API calls 2 library calls 95617->95626 95619 7783ab 95619->95621 95627 768e0b 40 API calls 2 library calls 95619->95627 95621->95614 95628 76f2d9 20 API calls __dosmaperr 95621->95628 95630 780081 95622->95630 95624 78099f 95624->95609 95625->95617 95626->95619 95627->95621 95628->95612 95629->95614 95633 78008d ___BuildCatchObject 95630->95633 95631 78009b 95687 76f2d9 20 API calls __dosmaperr 95631->95687 95633->95631 95635 7800d4 95633->95635 95634 7800a0 95688 7727ec 26 API calls pre_c_initialization 95634->95688 95641 78065b 95635->95641 95639 7800aa __wsopen_s 95639->95624 95642 780678 95641->95642 95643 78068d 95642->95643 95644 7806a6 95642->95644 95704 76f2c6 20 API calls __dosmaperr 95643->95704 95690 775221 95644->95690 95647 780692 95705 76f2d9 20 API calls __dosmaperr 95647->95705 95648 7806ab 95649 7806cb 95648->95649 95650 7806b4 95648->95650 95703 78039a CreateFileW 95649->95703 95706 76f2c6 20 API calls __dosmaperr 95650->95706 95654 7806b9 95707 76f2d9 20 API calls __dosmaperr 95654->95707 95655 7800f8 95689 780121 LeaveCriticalSection __wsopen_s 95655->95689 95657 780781 GetFileType 95658 78078c GetLastError 95657->95658 95659 7807d3 95657->95659 95710 76f2a3 20 API calls 2 library calls 95658->95710 95712 77516a 21 API calls 3 library calls 95659->95712 95660 780756 GetLastError 95709 76f2a3 20 API calls 2 library calls 95660->95709 95662 780704 
95662->95657 95662->95660 95708 78039a CreateFileW 95662->95708 95664 78079a CloseHandle 95664->95647 95666 7807c3 95664->95666 95711 76f2d9 20 API calls __dosmaperr 95666->95711 95668 780749 95668->95657 95668->95660 95670 7807f4 95672 780840 95670->95672 95713 7805ab 72 API calls 4 library calls 95670->95713 95671 7807c8 95671->95647 95676 78086d 95672->95676 95714 78014d 72 API calls 4 library calls 95672->95714 95675 780866 95675->95676 95677 78087e 95675->95677 95678 7786ae __wsopen_s 29 API calls 95676->95678 95677->95655 95679 7808fc CloseHandle 95677->95679 95678->95655 95715 78039a CreateFileW 95679->95715 95681 780927 95682 780931 GetLastError 95681->95682 95683 78095d 95681->95683 95716 76f2a3 20 API calls 2 library calls 95682->95716 95683->95655 95685 78093d 95717 775333 21 API calls 3 library calls 95685->95717 95687->95634 95688->95639 95689->95639 95691 77522d ___BuildCatchObject 95690->95691 95718 772f5e EnterCriticalSection 95691->95718 95693 77527b 95719 77532a 95693->95719 95694 775234 95694->95693 95695 775259 95694->95695 95700 7752c7 EnterCriticalSection 95694->95700 95697 775000 __wsopen_s 21 API calls 95695->95697 95699 77525e 95697->95699 95698 7752a4 __wsopen_s 95698->95648 95699->95693 95722 775147 EnterCriticalSection 95699->95722 95700->95693 95701 7752d4 LeaveCriticalSection 95700->95701 95701->95694 95703->95662 95704->95647 95705->95655 95706->95654 95707->95647 95708->95668 95709->95647 95710->95664 95711->95671 95712->95670 95713->95672 95714->95675 95715->95681 95716->95685 95717->95683 95718->95694 95723 772fa6 LeaveCriticalSection 95719->95723 95721 775331 95721->95698 95722->95693 95723->95721 95724 742de3 95725 742df0 __wsopen_s 95724->95725 95726 782c2b ___scrt_fastfail 95725->95726 95727 742e09 95725->95727 95729 782c47 GetOpenFileNameW 95726->95729 95728 743aa2 23 API calls 95727->95728 95730 742e12 95728->95730 95731 782c96 95729->95731 95740 742da5 95730->95740 95733 746b57 22 API calls 95731->95733 95735 782cab 
95733->95735 95735->95735 95737 742e27 95758 7444a8 95737->95758 95741 781f50 __wsopen_s 95740->95741 95742 742db2 GetLongPathNameW 95741->95742 95743 746b57 22 API calls 95742->95743 95744 742dda 95743->95744 95745 743598 95744->95745 95746 74a961 22 API calls 95745->95746 95747 7435aa 95746->95747 95748 743aa2 23 API calls 95747->95748 95749 7435b5 95748->95749 95750 7435c0 95749->95750 95753 7832eb 95749->95753 95752 74515f 22 API calls 95750->95752 95754 7435cc 95752->95754 95756 78330d 95753->95756 95793 75ce60 41 API calls 95753->95793 95787 7435f3 95754->95787 95757 7435df 95757->95737 95759 744ecb 94 API calls 95758->95759 95760 7444cd 95759->95760 95761 783833 95760->95761 95762 744ecb 94 API calls 95760->95762 95763 7b2cf9 80 API calls 95761->95763 95764 7444e1 95762->95764 95765 783848 95763->95765 95764->95761 95766 7444e9 95764->95766 95767 783869 95765->95767 95768 78384c 95765->95768 95771 7444f5 95766->95771 95772 783854 95766->95772 95770 75fe0b 22 API calls 95767->95770 95769 744f39 68 API calls 95768->95769 95769->95772 95784 7838ae 95770->95784 95794 74940c 136 API calls 2 library calls 95771->95794 95795 7ada5a 82 API calls 95772->95795 95775 783862 95775->95767 95776 742e31 95777 744f39 68 API calls 95780 783a5f 95777->95780 95780->95777 95801 7a989b 82 API calls __wsopen_s 95780->95801 95783 749cb3 22 API calls 95783->95784 95784->95780 95784->95783 95796 7a967e 22 API calls __fread_nolock 95784->95796 95797 7a95ad 42 API calls _wcslen 95784->95797 95798 7b0b5a 22 API calls 95784->95798 95799 74a4a1 22 API calls __fread_nolock 95784->95799 95800 743ff7 22 API calls 95784->95800 95788 743605 95787->95788 95792 743624 __fread_nolock 95787->95792 95791 75fe0b 22 API calls 95788->95791 95789 75fddb 22 API calls 95790 74363b 95789->95790 95790->95757 95791->95792 95792->95789 95793->95753 95794->95776 95795->95775 95796->95784 95797->95784 95798->95784 95799->95784 95800->95784 95801->95780 95802 792a00 95818 74d7b0 messages 95802->95818 95803 
74db11 PeekMessageW 95803->95818 95804 74d807 GetInputState 95804->95803 95804->95818 95805 791cbe TranslateAcceleratorW 95805->95818 95807 74db8f PeekMessageW 95807->95818 95808 74da04 timeGetTime 95808->95818 95809 74db73 TranslateMessage DispatchMessageW 95809->95807 95810 74dbaf Sleep 95810->95818 95811 792b74 Sleep 95824 792a51 95811->95824 95814 791dda timeGetTime 95848 75e300 23 API calls 95814->95848 95815 7ad4dc 47 API calls 95815->95824 95817 792c0b GetExitCodeProcess 95819 792c21 WaitForSingleObject 95817->95819 95820 792c37 CloseHandle 95817->95820 95818->95803 95818->95804 95818->95805 95818->95807 95818->95808 95818->95809 95818->95810 95818->95811 95818->95814 95822 74d9d5 95818->95822 95818->95824 95830 74ec40 348 API calls 95818->95830 95831 751310 348 API calls 95818->95831 95832 74bf40 348 API calls 95818->95832 95834 74dd50 95818->95834 95841 75edf6 95818->95841 95846 74dfd0 348 API calls 3 library calls 95818->95846 95847 75e551 timeGetTime 95818->95847 95849 7b3a2a 23 API calls 95818->95849 95850 7b359c 82 API calls __wsopen_s 95818->95850 95819->95818 95819->95820 95820->95824 95821 7d29bf GetForegroundWindow 95821->95824 95824->95815 95824->95817 95824->95818 95824->95821 95824->95822 95825 792ca9 Sleep 95824->95825 95851 7c5658 23 API calls 95824->95851 95852 7ae97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95824->95852 95853 75e551 timeGetTime 95824->95853 95825->95818 95830->95818 95831->95818 95832->95818 95835 74dd83 95834->95835 95836 74dd6f 95834->95836 95886 7b359c 82 API calls __wsopen_s 95835->95886 95854 74d260 95836->95854 95839 74dd7a 95839->95818 95840 792f75 95840->95840 95842 75ee09 95841->95842 95844 75ee12 95841->95844 95842->95818 95843 75ee36 IsDialogMessageW 95843->95842 95843->95844 95844->95842 95844->95843 95845 79efaf GetClassLongW 95844->95845 95845->95843 95845->95844 95846->95818 95847->95818 95848->95818 95849->95818 95850->95818 95851->95824 95852->95824 95853->95824 
95855 74ec40 348 API calls 95854->95855 95865 74d29d 95855->95865 95856 791bc4 95892 7b359c 82 API calls __wsopen_s 95856->95892 95858 74d6d5 95860 74d30b messages 95858->95860 95871 75fe0b 22 API calls 95858->95871 95859 74d3c3 95859->95858 95862 74d3ce 95859->95862 95860->95839 95861 74d5ff 95863 74d614 95861->95863 95864 791bb5 95861->95864 95867 75fddb 22 API calls 95862->95867 95868 75fddb 22 API calls 95863->95868 95891 7c5705 23 API calls 95864->95891 95865->95856 95865->95858 95865->95859 95865->95860 95866 74d4b8 95865->95866 95870 75fddb 22 API calls 95865->95870 95881 74d429 __fread_nolock messages 95865->95881 95872 75fe0b 22 API calls 95866->95872 95874 74d3d5 __fread_nolock 95867->95874 95879 74d46a 95868->95879 95870->95865 95871->95874 95872->95881 95873 75fddb 22 API calls 95875 74d3f6 95873->95875 95874->95873 95874->95875 95875->95881 95887 74bec0 348 API calls 95875->95887 95877 791ba4 95890 7b359c 82 API calls __wsopen_s 95877->95890 95879->95839 95880 741f6f 348 API calls 95880->95881 95881->95861 95881->95877 95881->95879 95881->95880 95882 791b7f 95881->95882 95884 791b5d 95881->95884 95889 7b359c 82 API calls __wsopen_s 95882->95889 95888 7b359c 82 API calls __wsopen_s 95884->95888 95886->95840 95887->95881 95888->95879 95889->95879 95890->95879 95891->95856 95892->95860 95893 741cad SystemParametersInfoW 95894 782402 95897 741410 95894->95897 95898 7824b8 DestroyWindow 95897->95898 95899 74144f mciSendStringW 95897->95899 95911 7824c4 95898->95911 95900 7416c6 95899->95900 95901 74146b 95899->95901 95900->95901 95903 7416d5 UnregisterHotKey 95900->95903 95902 741479 95901->95902 95901->95911 95930 74182e 95902->95930 95903->95900 95905 782509 95912 78252d 95905->95912 95913 78251c FreeLibrary 95905->95913 95906 7824d8 95906->95911 95936 746246 CloseHandle 95906->95936 95907 7824e2 FindClose 95907->95911 95910 74148e 95910->95912 95918 74149c 95910->95918 95911->95905 95911->95906 95911->95907 95914 782541 VirtualFree 95912->95914 95921 
741509 95912->95921 95913->95905 95914->95912 95915 7414f8 CoUninitialize 95915->95921 95916 741514 95920 741524 95916->95920 95917 782589 95923 782598 messages 95917->95923 95937 7b32eb 6 API calls messages 95917->95937 95918->95915 95934 741944 VirtualFreeEx CloseHandle 95920->95934 95921->95916 95921->95917 95926 782627 95923->95926 95938 7a64d4 22 API calls messages 95923->95938 95925 74153a 95925->95923 95927 74161f 95925->95927 95926->95926 95927->95926 95935 741876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95927->95935 95929 7416c1 95932 74183b 95930->95932 95931 741480 95931->95905 95931->95910 95932->95931 95939 7a702a 22 API calls 95932->95939 95934->95925 95935->95929 95936->95906 95937->95917 95938->95923 95939->95932 95940 782ba5 95941 742b25 95940->95941 95942 782baf 95940->95942 95968 742b83 7 API calls 95941->95968 95944 743a5a 24 API calls 95942->95944 95946 782bb8 95944->95946 95948 749cb3 22 API calls 95946->95948 95950 782bc6 95948->95950 95949 742b2f 95954 743837 49 API calls 95949->95954 95958 742b44 95949->95958 95951 782bce 95950->95951 95952 782bf5 95950->95952 95955 7433c6 22 API calls 95951->95955 95953 7433c6 22 API calls 95952->95953 95966 782bf1 GetForegroundWindow ShellExecuteW 95953->95966 95954->95958 95956 782bd9 95955->95956 95972 746350 22 API calls 95956->95972 95957 742b5f 95964 742b66 SetCurrentDirectoryW 95957->95964 95958->95957 95961 7430f2 Shell_NotifyIconW 95958->95961 95961->95957 95962 782be7 95963 7433c6 22 API calls 95962->95963 95963->95966 95967 742b7a 95964->95967 95965 782c26 95965->95957 95966->95965 95973 742cd4 7 API calls 95968->95973 95970 742b2a 95971 742c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95970->95971 95971->95949 95972->95962 95973->95970

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0074430D
  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
• GetCurrentProcess.KERNEL32(?,007DCB64,00000000,?,?), ref: 00744422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00744429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00744454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00744466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00744474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0074447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 007444A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 933994b0e9f4cf6b2e342bbdb404367c010c125b2c7e8f3116e2e96522ead5fa
• Instruction ID: 996b0fff955ba935e29db7a257a73b221d98ec6e40b3aa52e483147aa4ffaa49
• Opcode Fuzzy Hash: 933994b0e9f4cf6b2e342bbdb404367c010c125b2c7e8f3116e2e96522ead5fa
• Instruction Fuzzy Hash: D8A1946190A2D0DFCF12D76D7C8D3DA7FAC7F26700B18C49AD26193B6AD62C4508DB26

Control-flow Graph
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007450AA,?,?,00000000,00000000), ref: 007442B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007450AA,?,?,00000000,00000000), ref: 007442C9
• LoadResource.KERNEL32(?,00000000,?,?,007450AA,?,?,00000000,00000000,?,?,?,?,?,?,00744F20), ref: 007835BE
• SizeofResource.KERNEL32(?,00000000,?,?,007450AA,?,?,00000000,00000000,?,?,?,?,?,?,00744F20), ref: 007835D3
• LockResource.KERNEL32(007450AA,?,?,007450AA,?,?,00000000,00000000,?,?,?,?,?,?,00744F20,?), ref: 007835E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 4ff808bd970047b01b7f24543cd5e2885064a179f9b33ba2500accdafc60ea5a
• Instruction ID: 21f856563ebc288fca603f8b3447c85141aa3da20bbccc3f728858510e24bd31
• Opcode Fuzzy Hash: 4ff808bd970047b01b7f24543cd5e2885064a179f9b33ba2500accdafc60ea5a
• Instruction Fuzzy Hash: 4A117CB1201701BFDB228BA5DC49F277BB9FBC5B51F10816EB41296290DBB5E800D620

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00742B6B
  • Part of subcall function 00743A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00811418,?,00742E7F,?,?,?,00000000), ref: 00743A78
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00802224), ref: 00782C10
• ShellExecuteW.SHELL32(00000000,?,?,00802224), ref: 00782C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: ba6901514be3c5c392317ea5cdfccfacf2710969f35dff5f07ce4ff84b3e7127
• Instruction ID: 388df138fe348c483c0666af29da08cc36f60e4c4f117b66c06c87b2bc2f1f5f
• Opcode Fuzzy Hash: ba6901514be3c5c392317ea5cdfccfacf2710969f35dff5f07ce4ff84b3e7127
• Instruction Fuzzy Hash: CE11E471208341EACB04FF60D85D9AEBBA9EF91710F44442DF28A420A3DF3C894AC722

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 007AD501
                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 007AD50F
                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 007AD52F
                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 007AD5DC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• API String ID: 420147892-0
APIs
• lstrlenW.KERNEL32(?,00785222), ref: 007ADBCE
• GetFileAttributesW.KERNELBASE(?), ref: 007ADBDD
• FindFirstFileW.KERNEL32(?,?), ref: 007ADBEE
• FindClose.KERNEL32(00000000), ref: 007ADBFA
• API ID: FileFind$AttributesCloseFirstlstrlen
• API String ID: 2695905019-0
APIs
• GetCurrentProcess.KERNEL32(007728E9,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002,00000000,?,007728E9), ref: 00764D09
• TerminateProcess.KERNEL32(00000000,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002,00000000,?,007728E9), ref: 00764D10
• ExitProcess.KERNEL32 ref: 00764D22
Similarity
• API ID: Process$CurrentExitTerminate
• API String ID: 1703294689-0
APIs
• _wcslen.LIBCMT ref: 007CB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007CB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007CB1D4
• _wcslen.LIBCMT ref: 007CB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007CB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007CB236
• _wcslen.LIBCMT ref: 007CB332
  • Part of subcall function 007B05A7: GetStdHandle.KERNEL32(000000F6), ref: 007B05C6
• _wcslen.LIBCMT ref: 007CB34B
• _wcslen.LIBCMT ref: 007CB366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007CB3B6
• GetLastError.KERNEL32(00000000), ref: 007CB407
• CloseHandle.KERNEL32(?), ref: 007CB439
• CloseHandle.KERNEL32(00000000), ref: 007CB44A
• CloseHandle.KERNEL32(00000000), ref: 007CB45C
• CloseHandle.KERNEL32(00000000), ref: 007CB46E
• CloseHandle.KERNEL32(?), ref: 007CB4E3
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• API String ID: 2178637699-0
APIs
• GetInputState.USER32 ref: 0074D807
• timeGetTime.WINMM ref: 0074DA07
• Sleep.KERNELBASE(0000000A), ref: 0074DBB1
• Sleep.KERNEL32(0000000A), ref: 00792B76
• GetExitCodeProcess.KERNEL32(?,?), ref: 00792C11
• WaitForSingleObject.KERNEL32(?,00000000), ref: 00792C29
• CloseHandle.KERNEL32(?), ref: 00792C3D
• Sleep.KERNEL32(?,CCCCCCCC,00000000), ref: 00792CA9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Sleep$CloseCodeExitHandleInputObjectProcessSingleStateTimeWaittime
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 388478766-0
                                                                                                                                                                                                                                                • Opcode ID: a9f55c76c0e6c99bc91a476eae82cd7b3087531fdd837dc2567062b09a9c6651
                                                                                                                                                                                                                                                • Instruction ID: 0ea7f8632107156e0b2856169b407f5809718c789e8fb56e4d0e44b49654e2c5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9f55c76c0e6c99bc91a476eae82cd7b3087531fdd837dc2567062b09a9c6651
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0420270604242EFDB39DF24D888BAAB7E5FF46304F148519E89587292D77CEC45CB92

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00742D07
• RegisterClassExW.USER32(00000030), ref: 00742D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00742D42
• InitCommonControlsEx.COMCTL32(?), ref: 00742D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00742D6F
• LoadIconW.USER32(000000A9), ref: 00742D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00742D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 8f57f30f07a22dc5a0d256e6ca72f2a4ed74876a1a31d1d6489fe1ac241a85b2
• Instruction ID: 07117b1c4bd8a4ee31a12afc8a5b453477b561f7df4a0c5ac4ab4821e5edd0e6
• Opcode Fuzzy Hash: 8f57f30f07a22dc5a0d256e6ca72f2a4ed74876a1a31d1d6489fe1ac241a85b2
• Instruction Fuzzy Hash: 4321E3B1902209AFDF01DFA4ED49BDDBFB8FB08710F00811AF621A62A0D7B95544CF94

Control-flow Graph

Control-flow graph of the function at 0078065B (basic blocks 78065B-780983; calls into 78042F, 76F2C6, 775221, 78039A, 77516A, 7805AB, 78014D, 7786AE; the rendered graph and executed/not-executed colouring are not reproduced here, the API list below covers the calls made)
APIs
  • Part of subcall function 0078039A: CreateFileW.KERNELBASE(00000000,00000000,?,00780704,?,?,00000000,?,00780704,00000000,0000000C), ref: 007803B7
• GetLastError.KERNEL32 ref: 0078076F
• __dosmaperr.LIBCMT ref: 00780776
• GetFileType.KERNELBASE(00000000), ref: 00780782
• GetLastError.KERNEL32 ref: 0078078C
• __dosmaperr.LIBCMT ref: 00780795
• CloseHandle.KERNEL32(00000000), ref: 007807B5
• CloseHandle.KERNEL32(?), ref: 007808FF
• GetLastError.KERNEL32 ref: 00780931
• __dosmaperr.LIBCMT ref: 00780938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: dd4d4520b2ec161d96429c5e7db375df662337f8f4452885775768561f9bdc95
• Instruction ID: 13adedd36dde6b0e417ffee2b3cf50f417d003d9a1f2f7a7647913f2cb89ba31
• Opcode Fuzzy Hash: dd4d4520b2ec161d96429c5e7db375df662337f8f4452885775768561f9bdc95
• Instruction Fuzzy Hash: 51A12432A401088FDF19AF68DC56BAE7BA0AF06320F14415EF815DB2D1DB399D56CF91

Control-flow Graph

APIs
  • Part of subcall function 00743A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00811418,?,00742E7F,?,?,?,00000000), ref: 00743A78
  • Part of subcall function 00743357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00743379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0074356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0078318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007831CE
• RegCloseKey.ADVAPI32(?), ref: 00783210
• _wcslen.LIBCMT ref: 00783277
• _wcslen.LIBCMT ref: 00783286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                • Opcode ID: 9b7544c365fe2bb7d4d0a8d603f7b3814662b46852ea17c2ba0187e979b9463f
                                                                                                                                                                                                                                                • Instruction ID: 22ed1d65ee9ea0f46bec65d945bf35ff9e6635f610e866565a9517137cecec1f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b7544c365fe2bb7d4d0a8d603f7b3814662b46852ea17c2ba0187e979b9463f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41718BB14053019EC304EF69DC869ABBBECFF84740F40852EF55583271EB389A58CB62

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00742B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00742B9D
• LoadIconW.USER32(00000063), ref: 00742BB3
• LoadIconW.USER32(000000A4), ref: 00742BC5
• LoadIconW.USER32(000000A2), ref: 00742BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00742BEF
• RegisterClassExW.USER32(?), ref: 00742C40
  • Part of subcall function 00742CD4: GetSysColorBrush.USER32(0000000F), ref: 00742D07
  • Part of subcall function 00742CD4: RegisterClassExW.USER32(00000030), ref: 00742D31
  • Part of subcall function 00742CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00742D42
  • Part of subcall function 00742CD4: InitCommonControlsEx.COMCTL32(?), ref: 00742D5F
  • Part of subcall function 00742CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00742D6F
  • Part of subcall function 00742CD4: LoadIconW.USER32(000000A9), ref: 00742D85
  • Part of subcall function 00742CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00742D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 0f4ac232c07fd44c1ee1a63dd0716d0bbb5b17556c083836192b305e6469138a
• Instruction ID: 5373d9864a822802a962969bc231820399031bd07bc479bb9623865df0f1ae97
• Opcode Fuzzy Hash: 0f4ac232c07fd44c1ee1a63dd0716d0bbb5b17556c083836192b305e6469138a
• Instruction Fuzzy Hash: 7B211D70E01314ABDF119F95EC59AD97FB8FF48B50F04801AE611A67A4D7B91540CF94

Control-flow Graph

control_flow_graph 609 743170-743185 610 7431e5-7431e7 609->610 611 743187-74318a 609->611 610->611 612 7431e9 610->612 613 74318c-743193 611->613 614 7431eb 611->614 615 7431d0-7431d8 DefWindowProcW 612->615 618 743265-74326d PostQuitMessage 613->618 619 743199-74319e 613->619 616 782dfb-782e23 call 7418e2 call 75e499 614->616 617 7431f1-7431f6 614->617 625 7431de-7431e4 615->625 655 782e28-782e2f 616->655 620 74321d-743244 SetTimer RegisterWindowMessageW 617->620 621 7431f8-7431fb 617->621 626 743219-74321b 618->626 623 7431a4-7431a8 619->623 624 782e7c-782e90 call 7abf30 619->624 620->626 630 743246-743251 CreatePopupMenu 620->630 627 782d9c-782d9f 621->627 628 743201-74320f KillTimer call 7430f2 621->628 631 782e68-782e72 call 7ac161 623->631 632 7431ae-7431b3 623->632 624->626 650 782e96 624->650 626->625 634 782da1-782da5 627->634 635 782dd7-782df6 MoveWindow 627->635 645 743214 call 743c50 628->645 630->626 646 782e77 631->646 639 782e4d-782e54 632->639 640 7431b9-7431be 632->640 642 782dc6-782dd2 SetFocus 634->642 643 782da7-782daa 634->643 635->626 639->615 644 782e5a-782e63 call 7a0ad7 639->644 648 7431c4-7431ca 640->648 649 743253-743263 call 74326f 640->649 642->626 643->648 651 782db0-782dc1 call 7418e2 643->651 644->615 645->626 646->626 648->615 648->655 649->626 650->615 651->626 655->615 659 782e35-782e48 call 7430f2 call 743837 655->659 659->615
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0074316A,?,?), ref: 007431D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0074316A,?,?), ref: 00743204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00743227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0074316A,?,?), ref: 00743232
• CreatePopupMenu.USER32 ref: 00743246
• PostQuitMessage.USER32(00000000), ref: 00743267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: fe715cab2adf717e480a729ff85014ac704706a65fb62bc5357ee50b0f5c8cd4
• Instruction ID: 28a2bdf2691b8b521ebcf2e71c89298f707c76498709a7c11bc466c1865623eb
• Opcode Fuzzy Hash: fe715cab2adf717e480a729ff85014ac704706a65fb62bc5357ee50b0f5c8cd4
• Instruction Fuzzy Hash: 95412B31240209E7DF152B789C4DBF93B2DFF05310F048116F62AC62A6C7BD9A41D7A5

Control-flow Graph

control_flow_graph 665 741410-741449 666 7824b8-7824b9 DestroyWindow 665->666 667 74144f-741465 mciSendStringW 665->667 670 7824c4-7824d1 666->670 668 7416c6-7416d3 667->668 669 74146b-741473 667->669 672 7416d5-7416f0 UnregisterHotKey 668->672 673 7416f8-7416ff 668->673 669->670 671 741479-741488 call 74182e 669->671 675 782500-782507 670->675 676 7824d3-7824d6 670->676 686 78250e-78251a 671->686 687 74148e-741496 671->687 672->673 678 7416f2-7416f3 call 7410d0 672->678 673->669 674 741705 673->674 674->668 675->670 680 782509 675->680 681 7824d8-7824e0 call 746246 676->681 682 7824e2-7824e5 FindClose 676->682 678->673 680->686 685 7824eb-7824f8 681->685 682->685 685->675 688 7824fa-7824fb call 7b32b1 685->688 691 78251c-78251e FreeLibrary 686->691 692 782524-78252b 686->692 689 74149c-7414c1 call 74cfa0 687->689 690 782532-78253f 687->690 688->675 702 7414c3 689->702 703 7414f8-741503 CoUninitialize 689->703 697 782541-78255e VirtualFree 690->697 698 782566-78256d 690->698 691->692 692->686 696 78252d 692->696 696->690 697->698 700 782560-782561 call 7b3317 697->700 698->690 701 78256f 698->701 700->698 705 782574-782578 701->705 706 7414c6-7414f6 call 741a05 call 7419ae 702->706 703->705 707 741509-74150e 703->707 705->707 708 78257e-782584 705->708 706->703 710 741514-74151e 707->710 711 782589-782596 call 7b32eb 707->711 708->707 714 741524-7415a5 call 74988f call 741944 call 7417d5 call 75fe14 call 74177c call 74988f call 74cfa0 call 7417fe call 75fe14 710->714 715 741707-741714 call 75f80e 710->715 723 782598 711->723 728 78259d-7825bf call 75fdcd 714->728 755 7415ab-7415cf call 75fe14 714->755 715->714 725 74171a 715->725 723->728 725->715 734 7825c1 728->734 737 7825c6-7825e8 call 75fdcd 734->737 742 7825ea 737->742 745 7825ef-782611 call 75fdcd 742->745 751 782613 745->751 754 782618-782625 call 7a64d4 751->754 761 782627 754->761 755->737 760 7415d5-7415f9 call 75fe14 755->760 760->745 765 7415ff-741619 call 75fe14 760->765 764 78262c-782639 call 75ac64 761->764 769 78263b 764->769 765->754 771 74161f-741643 call 7417d5 call 75fe14 765->771 772 782640-78264d call 7b3245 769->772 771->764 780 741649-741651 771->780 778 78264f 772->778 781 782654-782661 call 7b32cc 778->781 780->772 782 741657-741675 call 74988f call 74190a 780->782 788 782663 781->788 782->781 790 74167b-741689 782->790 791 782668-782675 call 7b32cc 788->791 790->791 792 74168f-7416c5 call 74988f * 3 call 741876 790->792 796 782677 791->796 796->796
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00741459
• CoUninitialize.COMBASE ref: 007414F8
• UnregisterHotKey.USER32(?), ref: 007416DD
• DestroyWindow.USER32(?), ref: 007824B9
• FreeLibrary.KERNEL32(?), ref: 0078251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0078254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 6eed3612a4e436dbc70d8ac72034b6df9b2241652f2c63027039321a57298d93
• Instruction ID: dfacbd5bb6b431d7065e5ce81c7d01b670e9d60136a3cdd71645a45971f16f4c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eed3612a4e436dbc70d8ac72034b6df9b2241652f2c63027039321a57298d93
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12D18C31741212CFCB19EF14C899A69F7A4BF05301F5442ADE84A6B252DB38ED63CF55

Control-flow Graph

control_flow_graph 814 742c63-742cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00742C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00742CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00741CAD,?), ref: 00742CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00741CAD,?), ref: 00742CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: d26258b243a2e4b074902937060bb5c30845f1f4cc0dc50fdd3c6367dcfe7adb
• Instruction ID: e0f000a77e1a84f46732760a0609f3c7cb8357de8e5f536add62b33e9878fdee
• Opcode Fuzzy Hash: d26258b243a2e4b074902937060bb5c30845f1f4cc0dc50fdd3c6367dcfe7adb
• Instruction Fuzzy Hash: 0FF0DA755402907AEF311717AC0CEB76EBDEBC6F60B00815AFA10A26A4C6691850DAB4

Control-flow Graph

control_flow_graph 965 743b1c-743b27 966 743b99-743b9b 965->966 967 743b29-743b2e 965->967 968 743b8c-743b8f 966->968 967->966 969 743b30-743b48 RegOpenKeyExW 967->969 969->966 970 743b4a-743b69 RegQueryValueExW 969->970 971 743b80-743b8b RegCloseKey 970->971 972 743b6b-743b76 970->972 971->968 973 743b90-743b97 972->973 974 743b78-743b7a 972->974 975 743b7e 973->975 974->975 975->971
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 6e83db1521d259cf1596dd72a8225c42674c484705e3b0ecb327f36440e66da8
• Instruction ID: ef6cfdaebd46186cb5415da06d1401db940454d4c1ec6402e158e53e5d70c4bb
• Opcode Fuzzy Hash: 6e83db1521d259cf1596dd72a8225c42674c484705e3b0ecb327f36440e66da8
• Instruction Fuzzy Hash: 101127B5611208FFDB218FA5DC84AAEBBB8EF05744B10856AA809D7110E3359E44DBA4
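The API records above carry the triage facts an analyst actually wants: which registry key the code opens (hive handle 80000001 is HKEY_CURRENT_USER, so the RegOpenKeyExW call reads HKCU\Control Panel\Mouse, the SwapMouseButtons setting the AutoIt runtime consults before synthesising clicks), which window classes it creates (a hidden top-level window of class "AutoIt v3" is the interpreter's own, the strongest in-memory tell that this is a compiled AutoIt script), and which virtual-key codes it maps (0x5B, 0x10 and 0xA0 are VK_LWIN, VK_SHIFT and VK_LSHIFT). Note that Joe Sandbox prints more argument slots than the API has parameters; everything after the real parameter count (for RegOpenKeyExW, five) is stack residue from the caller, which is why the caller's return address 00743B0F and the string "SwapMouseButtons" appear in the tail. The following helper is an added example, not part of this report or of Joe Sandbox: it parses these rendered records (the line format is an assumption drawn from the lines above) and only reads the leading, positional arguments. The hive and virtual-key tables are standard Windows constants; the sample records are copied from this page.

```python
import re
from typing import NamedTuple

# Constructed sample input: API-call records copied from the report entries above,
# exactly as Joe Sandbox renders them (argument list, then the call-site address).
SAMPLE_RECORDS = r"""
CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00742C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00742CB2
RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00743B0F,SwapMouseButtons,00000004,?), ref: 00743B40
MapVirtualKeyW.USER32(0000005B,00000000), ref: 00741BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00741BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00741C07
"""

# Assumed record layout: "<Api>.<Module>(<args>), ref: <hex address>".
RECORD_RE = re.compile(r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
HEX_ARG_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Predefined registry hive handles (winreg.h) and a few virtual-key codes (winuser.h).
HIVES = {0x80000000: "HKCR", 0x80000001: "HKCU", 0x80000002: "HKLM", 0x80000003: "HKU"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
            0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL"}


class ApiCall(NamedTuple):
    api: str
    module: str
    args: tuple   # raw argument strings; "?" marks a slot the sandbox could not resolve
    ref: int      # address of the call site inside the dumped image


def parse_records(text):
    """Parse rendered API records; lines that do not match (e.g. subcall notes) are skipped."""
    calls = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        # Arguments are comma separated. A string argument containing a comma would be
        # split as well, so only the leading, fixed-position arguments are trusted below.
        args = tuple(a.strip() for a in m.group("args").split(","))
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def as_int(arg):
    """Decode an 8-hex-digit slot; None for strings and unresolved '?' slots."""
    return int(arg, 16) if HEX_ARG_RE.match(arg) else None


def registry_keys(calls):
    """Full paths opened via RegOpenKeyExW: hKey (arg 0) resolved to a hive + lpSubKey (arg 1)."""
    keys = []
    for c in calls:
        if c.api == "RegOpenKeyExW" and len(c.args) >= 2:
            root = as_int(c.args[0])
            keys.append(f"{HIVES.get(root, c.args[0])}\\{c.args[1]}")
    return keys


def window_classes(calls):
    """lpClassName (arg 1) of every CreateWindowExW call."""
    return [c.args[1] for c in calls if c.api == "CreateWindowExW" and len(c.args) >= 2]


def virtual_keys(calls):
    """uCode (arg 0) of every MapVirtualKeyW call, named where the code is known."""
    out = []
    for c in calls:
        if c.api == "MapVirtualKeyW":
            vk = as_int(c.args[0])
            out.append(VK_NAMES.get(vk, "?" if vk is None else f"VK_0x{vk:02X}"))
    return out


def looks_like_autoit_runtime(calls):
    """The AutoIt interpreter creates a hidden window of class 'AutoIt v3' at startup."""
    return "AutoIt v3" in window_classes(calls)


if __name__ == "__main__":
    calls = parse_records(SAMPLE_RECORDS)
    print("registry keys: ", registry_keys(calls))
    print("window classes:", window_classes(calls))
    print("virtual keys:  ", virtual_keys(calls))
    print("AutoIt runtime:", looks_like_autoit_runtime(calls))
```

Run against the records above this prints HKCU\Control Panel\Mouse, the classes "AutoIt v3" and "edit", and VK_LWIN / VK_SHIFT / VK_LSHIFT. Resolving the hive handle matters for triage: a read of HKCU\Control Panel\Mouse is benign runtime housekeeping, whereas the same API opening a Run key or a service key would be worth escalating.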
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007833A2
  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00743A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 649ec2696c431588676c046c64d77dabd978ec8ce91592b0a5b7e4c420dbd8e9
• Instruction ID: a757d859766d62c6bf4369a177c9e00fb44a43c653dfcce82172f03fdb34a608
• Opcode Fuzzy Hash: 649ec2696c431588676c046c64d77dabd978ec8ce91592b0a5b7e4c420dbd8e9
• Instruction Fuzzy Hash: BC31A471548300AAD721EB24DC49BDBB7ECAF41714F10491AF5AD92291DB7C9649C7C2
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00760668
  • Part of subcall function 007632A4: RaiseException.KERNEL32(?,?,?,0076068A,?,00811444,?,?,?,?,?,?,0076068A,00741129,00808738,00741129), ref: 00763304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00760685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 25cecf7c724fcbc35ec7d641fb6f344d48335dc151131d4c59d1cef72885e6e8
• Instruction ID: 4062aa5e7f6b335b1de034a11cf8723ef624c889380522a1f72a84fd2ae8101a
• Opcode Fuzzy Hash: 25cecf7c724fcbc35ec7d641fb6f344d48335dc151131d4c59d1cef72885e6e8
• Instruction Fuzzy Hash: 99F0FF34A0030DE7CB00BAA4DC5AC9E777CAE00310B608035FD26D6A92EF79DA69C9D0
APIs
  • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00741BF4
  • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00741BFC
  • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00741C07
  • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00741C12
  • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00741C1A
  • Part of subcall function 00741BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00741C22
  • Part of subcall function 00741B4A: RegisterWindowMessageW.USER32(00000004,?,007412C4), ref: 00741BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0074136A
• OleInitialize.OLE32 ref: 00741388
• CloseHandle.KERNEL32(00000000,00000000), ref: 007824AB
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 8dbac4f4d58151de6b6e0b46b6dbe2f3806b6f6c17d5dc5e0c30903a6c13aea3
• Instruction ID: 4c140fe1edb5e1403d32bd6a53c4f3dc54edb0e6c96048882f7c188cb7e6992b
• Opcode Fuzzy Hash: 8dbac4f4d58151de6b6e0b46b6dbe2f3806b6f6c17d5dc5e0c30903a6c13aea3
• Instruction Fuzzy Hash: 567195B49122018E8F84EFA9A85D6D57AEAFF88740754C23AD60AC7361EB385485CF48
APIs
  • Part of subcall function 00743923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00743A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007AC259
• KillTimer.USER32(?,00000001,?,?), ref: 007AC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007AC270
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 43186a69732a4374073f1f57624f5e058246e5a336390ed4222a193c8619f3cd
• Instruction ID: 0ba3b93f2ca7354b88b4b0afc728ee92729f6946e0f759575cbefb96cb0139ab
• Opcode Fuzzy Hash: 43186a69732a4374073f1f57624f5e058246e5a336390ed4222a193c8619f3cd
• Instruction Fuzzy Hash: 6C319570904344BFEB239F648859BE7BBFCAF47304F04449AD6DA97281C7785A84CB51
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,007785CC,?,00808CC8,0000000C), ref: 00778704
• GetLastError.KERNEL32(?,007785CC,?,00808CC8,0000000C), ref: 0077870E
• __dosmaperr.LIBCMT ref: 00778739
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: b1b33b6b7ab939680b29230a4f348cdd1b018955dfd19b30c67f00ebaf5bbdb9
• Instruction ID: 0c66fd8d860184f27c9fa6b528b9681340f6fead8564c9587c9e28f54980da4a
• Opcode Fuzzy Hash: b1b33b6b7ab939680b29230a4f348cdd1b018955dfd19b30c67f00ebaf5bbdb9
• Instruction Fuzzy Hash: 37014C32A4532076DEA46334E84EB6E274A4B817F8F29C119E80CCB0E3DDEC8C818192
APIs
• TranslateMessage.USER32(?), ref: 0074DB7B
• DispatchMessageW.USER32(?), ref: 0074DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0074DB9F
• Sleep.KERNELBASE(0000000A), ref: 0074DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00791CC9
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: d873a97fe3f7765b276cf6e7cddbb7b449baff6fe289ed40869993982033e75f
• Instruction ID: 771637e4d135f0de7da26db7fed6d4591797cb1e681f072dd08ed455769233e6
• Opcode Fuzzy Hash: d873a97fe3f7765b276cf6e7cddbb7b449baff6fe289ed40869993982033e75f
• Instruction Fuzzy Hash: 68F05E306453419BEB30CBA09C49FEA73BCEF45310F508A29E65AC30C0DB389888CB29
APIs
• __Init_thread_footer.LIBCMT ref: 007517F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Init_thread_footer
                                                                                                                                                                                                                                                • String ID: CALL
                                                                                                                                                                                                                                                • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                • Opcode ID: 1b583e9f27befaa9468e4b58af21081d7c9c5bb814dd21ac46735df7bc44bd16
                                                                                                                                                                                                                                                • Instruction ID: 8466e23eced39660e727cb6f975f4634fc952985874d3a049c3cb52050d4f098
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b583e9f27befaa9468e4b58af21081d7c9c5bb814dd21ac46735df7bc44bd16
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3422BB70608241DFC714CF14C484BAABBF1BF89316F548A1DF8968B361D7B9E959CB82
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00782C8C
  • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
  • Part of subcall function 00742DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00742DC4
Strings
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: ffaba4f34842008242cfcd04d8f162c0ebeb17a5edbc4fb026c479a58f844239
• Instruction ID: 57baed0220494e8994f0c1720b4572502624b9292692bf95171abcae6918e7fb
• Opcode Fuzzy Hash: ffaba4f34842008242cfcd04d8f162c0ebeb17a5edbc4fb026c479a58f844239
• Instruction Fuzzy Hash: 61218171A00258DBCB41AF94CC49BEE7BBCAF49314F008059E505E7282EBB85A59CFA5
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00743908
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 7d5f47b59f46706c539afaf3191202fe993b93b3ec2e0f7d3555c43e2dc05602
• Instruction ID: fd3f06fe26caecc371d59770d40996fef3f427d5338cc4201d382738cd42aa2b
• Opcode Fuzzy Hash: 7d5f47b59f46706c539afaf3191202fe993b93b3ec2e0f7d3555c43e2dc05602
• Instruction Fuzzy Hash: 2B315EB0505701DFD761DF24D889B97BBE8FF49708F00092EF6AA87250E779AA44CB52
APIs
• timeGetTime.WINMM ref: 0075F661
  • Part of subcall function 0074D730: GetInputState.USER32 ref: 0074D807
• Sleep.KERNEL32(00000000), ref: 0079F2DE
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: b6967a20a6d69c4213df64692851feb9ead577e826723713507132536c47ce89
• Instruction ID: adcaae25626b73cd8cecde6c7c6bf6e0afabbc2552bc21c190c1936b31a5fbbf
• Opcode Fuzzy Hash: b6967a20a6d69c4213df64692851feb9ead577e826723713507132536c47ce89
• Instruction Fuzzy Hash: 26F08C31240205EFD310EF69D549BAAF7E8FF49761F00402AE85DC72A0DB74AC00CB94
APIs
  • Part of subcall function 00744E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E9C
  • Part of subcall function 00744E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00744EAE
  • Part of subcall function 00744E90: FreeLibrary.KERNEL32(00000000,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744EFD
  • Part of subcall function 00744E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E62
  • Part of subcall function 00744E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00744E74
  • Part of subcall function 00744E59: FreeLibrary.KERNEL32(00000000,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E87
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 73dc6ce15db51de38989f4c64b77f64e75db7f8ff1a89f40aa2c9c1855b5e7ab
• Instruction ID: b7c2572902c0523260d352b5b9e2f808fcbdf34f75b54ac58a90f2549c02594e
• Opcode Fuzzy Hash: 73dc6ce15db51de38989f4c64b77f64e75db7f8ff1a89f40aa2c9c1855b5e7ab
• Instruction Fuzzy Hash: 6D11E332640205EBCB14BB64DC0AFAD77A5AF40B10F10842EF542A61D2EF7CAA09A760
APIs
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __wsopen_s
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3347428461-0
                                                                                                                                                                                                                                                • Opcode ID: e0aa94b50f736163b638abb53b5f2f5b0c4d77fc6e563c3cbd9389a220afa55f
                                                                                                                                                                                                                                                • Instruction ID: da0e13a1fffe03485003c282a792930029a52449f9e123d9c601e25b2f6da3a1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0aa94b50f736163b638abb53b5f2f5b0c4d77fc6e563c3cbd9389a220afa55f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B11187590410AAFCF05DF58E94599A7BF9EF48314F108069F808AB312DA75EA11CBA5
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00774C7D: RtlAllocateHeap.NTDLL(00000008,00741129,00000000,?,00772E29,00000001,00000364,?,?,?,0076F2DE,00773863,00811444,?,0075FDF5,?), ref: 00774CBE
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077506C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 614378929-0
                                                                                                                                                                                                                                                • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                • Instruction ID: 3d2c3d3ddd92956722e343c22d7a9c639b7d608d5ceefea078e2c7f091651667
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E014E722047049BE7318F65D84595AFBECFB853B0F25461DE198932C0E7746C05C774
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                • Instruction ID: 81abe461b0c0a8f0948690c15eeaebd99a71f3372f81e0df2ec19ca27c9cf4e2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0F0F936510A14EACA313A65DC0DB5A33989F52370F104715FD26A21D2CB7CA80289B6
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00741129,00000000,?,00772E29,00000001,00000364,?,?,?,0076F2DE,00773863,00811444,?,0075FDF5,?), ref: 00774CBE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                • Opcode ID: addcd3fe58918c020aa7f225b824d4065e1537052742ba5ce524bef4cf17801d
                                                                                                                                                                                                                                                • Instruction ID: 6e74f3c0f5f6aeec7665b5ebf78d584273b0a724c0fb969998ab7a5d7d2685a9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: addcd3fe58918c020aa7f225b824d4065e1537052742ba5ce524bef4cf17801d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ECF0B432602224A6DF235F629C09B5A3788BF417E0B19C512FD1EA6685CB3DDC0086B0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                • Opcode ID: b238452ef7b2327c5380f2a4d71667ad07d1b90af121188c5c741f803ef1eb94
                                                                                                                                                                                                                                                • Instruction ID: 7829830aa4c1798ad20735f3a1dbbf2440a4b0ce6e71104e83dbc28419b96997
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b238452ef7b2327c5380f2a4d71667ad07d1b90af121188c5c741f803ef1eb94
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FE0E532201225DAEF212A669C09F9A3748AF427F0F058123FC1D92981CB3DDD01A1F2
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744F6D
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 165d825702133fa29568c5099ffa7e31ca9eeeed5fb0af414b66abb24fdfd772
• Instruction ID: a2fded8eaf466a059c91f34c1384dd1260185d24e0f5c868a5250cfc4b02af3e
• Opcode Fuzzy Hash: 165d825702133fa29568c5099ffa7e31ca9eeeed5fb0af414b66abb24fdfd772
• Instruction Fuzzy Hash: 6BF03071105752DFDB349F64D494912B7F4AF14319319897EE1EA82521C7399848EF10
APIs
• IsWindow.USER32(00000000), ref: 007D2A66
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: f54b5e74f5470457523d482fbfabc2584ee5f8981516f168ce47c57932329513
• Instruction ID: 24d70aca1c9050a457d716dd338cffe9496c53e4ce342c4f58872b52b6bed7f2
• Opcode Fuzzy Hash: f54b5e74f5470457523d482fbfabc2584ee5f8981516f168ce47c57932329513
• Instruction Fuzzy Hash: 95E04F36350116AAC714EA30DC849FAB36CEBE53957108637BC1AC2201EB38D9978AA0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0074314E
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 46dbcc0d521385e41aa70c0b5cdd2aeaa9c421b398e88bf06fdc295410b0a7f0
• Instruction ID: ace3ddbef8bb8fddff6f4062410c62c5099fe842884d5a98190f4e1d0ba55985
• Opcode Fuzzy Hash: 46dbcc0d521385e41aa70c0b5cdd2aeaa9c421b398e88bf06fdc295410b0a7f0
• Instruction Fuzzy Hash: 52F0A7709003189FEB529B24DC497D57BBCBB01708F0040E5A64896286D7784788CF41
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00742DC4
  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: ddae1887ba196ba649c2c8488a77e385f33aacd237cb618ef6c8145e379e2c83
• Instruction ID: a53dff89fb824b32face467db41aa278cdeca72cd8a2b9b1b194917becc4fb8e
• Opcode Fuzzy Hash: ddae1887ba196ba649c2c8488a77e385f33aacd237cb618ef6c8145e379e2c83
• Instruction Fuzzy Hash: 2DE0CD726011249BCB11A2589C09FDA77EDDFC8790F054071FD09E7248DA64AD80C655
APIs
  • Part of subcall function 00743837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00743908
  • Part of subcall function 0074D730: GetInputState.USER32 ref: 0074D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00742B6B
  • Part of subcall function 007430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0074314E
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 859ffcdba042ebcdca28f9c4786967fcc4792876a3cc688ab51801e487c353ef
• Instruction ID: af07d8866d3efb6707fddbb9f95f77c79e5593d317fd4a440acb26d45596921a
• Opcode Fuzzy Hash: 859ffcdba042ebcdca28f9c4786967fcc4792876a3cc688ab51801e487c353ef
• Instruction Fuzzy Hash: CFE0262130020483CE04BB74985E4ADF35EDFD1711F40053EF24683163CF6C49898252
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00780704,?,?,00000000,?,00780704,00000000,0000000C), ref: 007803B7
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: eb2673c007b5cd495b3d55e643518a06e5a78caf4ee60bed3b95cf187b625f11
• Instruction ID: 20b0b51c856acec72a5d0ab97ed2fba98526de2888fe199620d4ec9ee90f5149
• Opcode Fuzzy Hash: eb2673c007b5cd495b3d55e643518a06e5a78caf4ee60bed3b95cf187b625f11
• Instruction Fuzzy Hash: 17D06C3204010DBBDF028F84DD06EDA3BAAFB48714F018000BE1856020C736E821EB94
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00741CBC
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3098949447-0
                                                                                                                                                                                                                                                • Opcode ID: f11ac4e2a3fda51ab6902bce07cdf6b6808a34e6149b9c00f359e2916d2ed2f9
                                                                                                                                                                                                                                                • Instruction ID: 08e5a822fc97d7257d99edee53ce544b2c1f5da70645190d2acb00cb9891278a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f11ac4e2a3fda51ab6902bce07cdf6b6808a34e6149b9c00f359e2916d2ed2f9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CC09B352803059FF6554780BC4EF90776DF748B00F14C101F70A555E3C3A51430D654
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 007D961A
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007D965B
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 007D969F
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007D96C9
                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 007D96F2
                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 007D978B
                                                                                                                                                                                                                                                • GetKeyState.USER32(00000009), ref: 007D9798
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007D97AE
                                                                                                                                                                                                                                                • GetKeyState.USER32(00000010), ref: 007D97B8
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007D97E9
                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 007D9810
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001030,?,007D7E95), ref: 007D9918
                                                                                                                                                                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 007D992E
                                                                                                                                                                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 007D9941
                                                                                                                                                                                                                                                • SetCapture.USER32(?), ref: 007D994A
                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 007D99AF
                                                                                                                                                                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 007D99BC
                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007D99D6
                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 007D99E1
                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 007D9A19
                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 007D9A26
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 007D9A80
                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 007D9AAE
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 007D9AEB
                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 007D9B1A
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 007D9B3B
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 007D9B4A
                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 007D9B68
                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 007D9B75
                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 007D9B93
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 007D9BFA
                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 007D9C2B
                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 007D9C84
                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 007D9CB4
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 007D9CDE
                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 007D9D01
                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 007D9D4E
                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 007D9D82
                                                                                                                                                                                                                                                  • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 007D9E05
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                • Opcode ID: 35d2f706828bafbe60c4a2990d90d0c47a4eaae5197ebffdb0be72d6da7fac94
                                                                                                                                                                                                                                                • Instruction ID: 7b7766648e7011cf021461cba7b213679da4cde0482bbf665fa7d58f2ff903d6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35d2f706828bafbe60c4a2990d90d0c47a4eaae5197ebffdb0be72d6da7fac94
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38428A34205201EFDB25CF24CC48AAABBF9FF49320F14465AF699973A1D739E864CB51
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 007D48F3
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 007D4908
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 007D4927
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 007D494B
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 007D495C
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 007D497B
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 007D49AE
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 007D49D4
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 007D4A0F
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 007D4A56
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 007D4A7E
                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 007D4A97
                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007D4AF2
                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007D4B20
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 007D4B94
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 007D4BE3
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 007D4C82
                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 007D4CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007D4CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 007D4CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 007D4D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007D4D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 007D4D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: f2b9e6e92394304ef89e22657518ee47751b823de8487037750a4042dece5382
• Instruction ID: 89df7b3977917550a4b555093aac3e6d725a15e01b90c15fcb310037cf22c84c
• Opcode Fuzzy Hash: f2b9e6e92394304ef89e22657518ee47751b823de8487037750a4042dece5382
• Instruction Fuzzy Hash: 7B12FF71600215ABEB258F28CC49FAE7BF8FF45310F14816AF956EB2E1DB789941CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0075F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0079F474
• IsIconic.USER32(00000000), ref: 0079F47D
• ShowWindow.USER32(00000000,00000009), ref: 0079F48A
• SetForegroundWindow.USER32(00000000), ref: 0079F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0079F4AA
• GetCurrentThreadId.KERNEL32 ref: 0079F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0079F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0079F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0079F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0079F4DE
• SetForegroundWindow.USER32(00000000), ref: 0079F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F4F6
• keybd_event.USER32(00000012,00000000), ref: 0079F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F50B
• keybd_event.USER32(00000012,00000000), ref: 0079F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F519
• keybd_event.USER32(00000012,00000000), ref: 0079F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0079F528
• keybd_event.USER32(00000012,00000000), ref: 0079F52D
• SetForegroundWindow.USER32(00000000), ref: 0079F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0079F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: e1df48fd59321761c5b293bfda9f854187f9343df166d749f5b9ddc30948c19d
• Instruction ID: 07fd11f38ddac9e39f2b18151bc0d5071a03cedfb9b0aa4e8f3ca2a8e03601bd
• Opcode Fuzzy Hash: e1df48fd59321761c5b293bfda9f854187f9343df166d749f5b9ddc30948c19d
• Instruction Fuzzy Hash: 8831B471A40219BBEF216BB55C4AFBF7F7CEB44B50F204066FA01E61D1C6B89D10EA64
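The chain above (FindWindowW "Shell_TrayWnd", IsIconic, ShowWindow 9, AttachThreadInput, four MapVirtualKeyW/keybd_event calls with 0x12, SetForegroundWindow, detach) is the well-known way to defeat the foreground-lock that makes SetForegroundWindow a no-op for a process that did not receive the last input: attach to the input queue of the threads that own the foreground window and the taskbar, then synthesise an Alt press so the caller becomes the last input receiver. The following is an added example written by the editor, not code from the sample and not AutoIt source. It assumes which window each 00000000/? placeholder refers to and assumes the keybd_event dwFlags values (not shown in the report) are two press/release pairs. The Win32 part runs only on Windows; the two pure helpers run anywhere.

```python
"""Foreground forcing as in the chain above: editor's reimplementation (assumptions in
the lead-in).  Win32 only for force_foreground(); the helpers are pure."""
import sys
import ctypes

VK_MENU = 0x12          # Alt; first MapVirtualKeyW/keybd_event argument in the chain
SW_RESTORE = 9          # ShowWindow argument in the chain
MAPVK_VK_TO_VSC = 0     # second MapVirtualKeyW argument in the chain
KEYEVENTF_KEYUP = 0x0002  # assumed dwFlags of every second keybd_event call


def alt_tap_sequence(taps=2):
    """(vk, dwFlags) for each keybd_event call: two Alt taps give the four calls seen."""
    return [(VK_MENU, flags) for _ in range(taps) for flags in (0, KEYEVENTF_KEYUP)]


def threads_to_attach(current_tid, *other_tids):
    """Thread ids to pass to AttachThreadInput, skipping self-attach (which fails),
    zero (no window) and duplicates (which would unbalance the later detach)."""
    out = []
    for tid in other_tids:
        if tid and tid != current_tid and tid not in out:
            out.append(tid)
    return out


def force_foreground(hwnd):
    """Bring hwnd to the foreground the way the chain does; True if it worked."""
    if sys.platform != "win32":
        raise OSError("Win32 only")
    u32 = ctypes.WinDLL("user32", use_last_error=True)
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    HWND, DWORD, BOOL, UINT = ctypes.c_void_p, ctypes.c_uint32, ctypes.c_int, ctypes.c_uint
    u32.GetForegroundWindow.restype = HWND
    u32.FindWindowW.argtypes, u32.FindWindowW.restype = [ctypes.c_wchar_p, ctypes.c_wchar_p], HWND
    u32.IsIconic.argtypes = u32.SetForegroundWindow.argtypes = [HWND]
    u32.ShowWindow.argtypes = [HWND, ctypes.c_int]
    u32.GetWindowThreadProcessId.argtypes = [HWND, ctypes.c_void_p]
    u32.GetWindowThreadProcessId.restype = k32.GetCurrentThreadId.restype = DWORD
    u32.AttachThreadInput.argtypes = [DWORD, DWORD, BOOL]
    u32.MapVirtualKeyW.argtypes, u32.MapVirtualKeyW.restype = [UINT, UINT], UINT
    u32.keybd_event.argtypes = [ctypes.c_ubyte, ctypes.c_ubyte, DWORD, ctypes.c_void_p]

    def tid(h):
        return u32.GetWindowThreadProcessId(h, None) if h else 0

    previous = u32.GetForegroundWindow()
    taskbar = u32.FindWindowW("Shell_TrayWnd", None)   # assumed role of the FindWindowW call
    if u32.IsIconic(hwnd):
        u32.ShowWindow(hwnd, SW_RESTORE)
    u32.SetForegroundWindow(hwnd)                       # plain attempt first

    me = k32.GetCurrentThreadId()
    attached = threads_to_attach(me, tid(previous), tid(taskbar), tid(hwnd))
    for t in attached:                                  # share the input queue with the owners
        u32.AttachThreadInput(me, t, True)
    u32.SetForegroundWindow(hwnd)
    # Synthesising an Alt press/release makes this process the last one to receive
    # input, which lifts the foreground-lock restriction on SetForegroundWindow.
    scan = u32.MapVirtualKeyW(VK_MENU, MAPVK_VK_TO_VSC)
    for vk, flags in alt_tap_sequence():
        u32.keybd_event(vk, scan, flags, None)
    u32.SetForegroundWindow(hwnd)
    for t in attached:
        u32.AttachThreadInput(me, t, False)             # detach again, as the chain does
    return u32.GetForegroundWindow() == hwnd
```

Caveat for triage: this is interpreter runtime code present in every compiled AutoIt binary (WinActivate-style window activation), so its presence shows capability of the runtime, not that the embedded script calls it; the pressed Alt key also explains why menus of other applications can flicker while such a sample runs in an interactive session.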
APIs
  • Part of subcall function 007A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007A170D
  • Part of subcall function 007A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007A173A
  • Part of subcall function 007A16C3: GetLastError.KERNEL32 ref: 007A174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 007A1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 007A12A8
• CloseHandle.KERNEL32(?), ref: 007A12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 007A12D1
• GetProcessWindowStation.USER32 ref: 007A12EA
• SetProcessWindowStation.USER32(00000000), ref: 007A12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 007A1310
  • Part of subcall function 007A10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007A11FC), ref: 007A10D4
  • Part of subcall function 007A10BF: CloseHandle.KERNEL32(?,?,007A11FC), ref: 007A10E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: 10c445be159168aabb0eb5c89f68b4d2d3e8c364464409b5ee42b3693c676922
• Instruction ID: 10dbac2943a1a1b025d7af13e5c539bfb25303c3479f6d54e1247d78944740fb
• Opcode Fuzzy Hash: 10c445be159168aabb0eb5c89f68b4d2d3e8c364464409b5ee42b3693c676922
• Instruction Fuzzy Hash: CF81B071900249AFEF119FA8DC49FEE7BB9FF49700F14822AF911E61A0C7398944CB65
APIs
  • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007A1114
  • Part of subcall function 007A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1120
  • Part of subcall function 007A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A112F
  • Part of subcall function 007A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1136
  • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007A114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 007A0BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 007A0C00
• GetLengthSid.ADVAPI32(?), ref: 007A0C17
• GetAce.ADVAPI32(?,00000000,?), ref: 007A0C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007A0C6D
• GetLengthSid.ADVAPI32(?), ref: 007A0C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 007A0C8C
• HeapAlloc.KERNEL32(00000000), ref: 007A0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 007A0CB4
• CopySid.ADVAPI32(00000000), ref: 007A0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 007A0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007A0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 007A0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0D45
• HeapFree.KERNEL32(00000000), ref: 007A0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0D55
• HeapFree.KERNEL32(00000000), ref: 007A0D5C
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0D65
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A0D6C
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 007A0D78
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A0D7F
                                                                                                                                                                                                                                                  • Part of subcall function 007A1193: GetProcessHeap.KERNEL32(00000008,007A0BB1,?,00000000,?,007A0BB1,?), ref: 007A11A1
                                                                                                                                                                                                                                                  • Part of subcall function 007A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,007A0BB1,?), ref: 007A11A8
                                                                                                                                                                                                                                                  • Part of subcall function 007A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007A0BB1,?), ref: 007A11B7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                • Opcode ID: 30e0628bca4c0b0c0abaac3ffcb71b9b62446ff1771aba3c8f55ca559d9d22d0
                                                                                                                                                                                                                                                • Instruction ID: ad3febceca84aa36a260299f142c48ed67b9660588a7c79c016c7581875fb37c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30e0628bca4c0b0c0abaac3ffcb71b9b62446ff1771aba3c8f55ca559d9d22d0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3471AC72A0021AEBDF11DFA4DC49FEEBBB8BF45310F048A15F914A7191D779A905CBA0
APIs
• OpenClipboard.USER32(007DCC08), ref: 007BEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 007BEB37
• GetClipboardData.USER32(0000000D), ref: 007BEB43
• CloseClipboard.USER32 ref: 007BEB4F
• GlobalLock.KERNEL32(00000000), ref: 007BEB87
• CloseClipboard.USER32 ref: 007BEB91
• GlobalUnlock.KERNEL32(00000000), ref: 007BEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 007BEBC9
• GetClipboardData.USER32(00000001), ref: 007BEBD1
• GlobalLock.KERNEL32(00000000), ref: 007BEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 007BEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 007BEC38
• GetClipboardData.USER32(0000000F), ref: 007BEC44
• GlobalLock.KERNEL32(00000000), ref: 007BEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 007BEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007BEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007BECD2
• GlobalUnlock.KERNEL32(00000000), ref: 007BECF3
• CountClipboardFormats.USER32 ref: 007BED14
• CloseClipboard.USER32 ref: 007BED59
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: dddb36f2b57391a9563c2aa906ad9df43f9f6a4dbaf00e5ea9a46ea768c4eaac
• Instruction ID: 7603296f6ad484c5c85b352dae460555c96b4d457d8c05333396c539711fcb64
• Opcode Fuzzy Hash: dddb36f2b57391a9563c2aa906ad9df43f9f6a4dbaf00e5ea9a46ea768c4eaac
• Instruction Fuzzy Hash: 5061C2752042029FD301EF24D888FAAB7B8BF84714F18855EF456973A2CB79ED05CB62
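The two API blocks above (the DACL rewrite ending in SetUserObjectSecurity, and the clipboard reader) are easier to triage once the numeric arguments are named: in the clipboard block the format IDs 0000000D, 00000001 and 0000000F are CF_UNICODETEXT (13), CF_TEXT (1) and CF_HDROP (15) from winuser.h, the last argument 00000104 to DragQueryFileW is MAX_PATH (260), and in the DACL block the 00000004 passed to SetUserObjectSecurity is DACL_SECURITY_INFORMATION from winnt.h. The following Python is an added example, not part of the Joe Sandbox report and not code from the analysed sample: it parses the report's bullet lines into structured calls and names those constants. The trace text is copied from the two blocks above as constructed input; the regular expression for the bullet format (a call rendered with or without a parenthesised argument list, followed by "ref:" and an address) is an assumption about how the report prints calls.

```python
"""Decode Joe Sandbox "APIs" bullet lines into structured calls and name the
well-known constants they pass.  Added example; not part of the report and not
code from the analysed sample."""
import re
from collections import Counter

# Constructed input: the 20 bullet lines of the clipboard block, copied from the report.
CLIPBOARD_TRACE = """\
• OpenClipboard.USER32(007DCC08), ref: 007BEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 007BEB37
• GetClipboardData.USER32(0000000D), ref: 007BEB43
• CloseClipboard.USER32 ref: 007BEB4F
• GlobalLock.KERNEL32(00000000), ref: 007BEB87
• CloseClipboard.USER32 ref: 007BEB91
• GlobalUnlock.KERNEL32(00000000), ref: 007BEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 007BEBC9
• GetClipboardData.USER32(00000001), ref: 007BEBD1
• GlobalLock.KERNEL32(00000000), ref: 007BEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 007BEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 007BEC38
• GetClipboardData.USER32(0000000F), ref: 007BEC44
• GlobalLock.KERNEL32(00000000), ref: 007BEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 007BEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007BEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007BECD2
• GlobalUnlock.KERNEL32(00000000), ref: 007BECF3
• CountClipboardFormats.USER32 ref: 007BED14
• CloseClipboard.USER32 ref: 007BED59
"""

# Constructed input: two bullet lines from the DACL block, copied from the report.
DACL_TRACE = """\
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007A0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 007A0D1E
"""

# Well-known values from the Windows SDK headers, keyed by (API, zero-based argument index).
CLIPBOARD_FORMATS = {1: "CF_TEXT", 13: "CF_UNICODETEXT", 15: "CF_HDROP"}
KNOWN_ARGS = {
    ("IsClipboardFormatAvailable", 0): CLIPBOARD_FORMATS,
    ("GetClipboardData", 0): CLIPBOARD_FORMATS,
    ("SetUserObjectSecurity", 1): {4: "DACL_SECURITY_INFORMATION"},
    ("DragQueryFileW", 3): {0x104: "MAX_PATH"},
}

# Assumed bullet format: "• Api.MODULE(arg,arg), ref: ADDR" or "• Api.MODULE ref: ADDR"
# when the report logs no arguments.  Unknown arguments are printed as "?".
LINE_RE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_trace(text):
    """Return one dict {api, module, args, ref} per bullet line; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None else [a.strip() for a in raw.split(",")]
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def decode_call(call):
    """Return the call's arguments with any known constant named, e.g. '0000000D (CF_UNICODETEXT)'."""
    out = []
    for i, arg in enumerate(call["args"]):
        table = KNOWN_ARGS.get((call["api"], i))
        try:
            name = table.get(int(arg, 16)) if table else None
        except ValueError:          # "?" or a string literal such as *.*
            name = None
        out.append(f"{arg} ({name})" if name else arg)
    return out


def clipboard_formats_requested(calls):
    """Clipboard formats probed or read, decoded, in order of first appearance."""
    seen = []
    for c in calls:
        if c["api"] in ("IsClipboardFormatAvailable", "GetClipboardData") and c["args"]:
            name = CLIPBOARD_FORMATS.get(int(c["args"][0], 16), c["args"][0])
            if name not in seen:
                seen.append(name)
    return seen


def summarize(calls):
    """Per-API call counts plus the OpenClipboard/CloseClipboard balance of the block."""
    counts = Counter(c["api"] for c in calls)
    return {"counts": counts, "opens": counts["OpenClipboard"], "closes": counts["CloseClipboard"]}


if __name__ == "__main__":
    for trace in (CLIPBOARD_TRACE, DACL_TRACE):
        for c in parse_trace(trace):
            print(f"{c['ref']:08X} {c['api']}.{c['module']}({', '.join(decode_call(c))})")
    print("clipboard formats:", clipboard_formats_requested(parse_trace(CLIPBOARD_TRACE)))
```

Read this way, the clipboard function probes Unicode text, then ANSI text, then a file-drop list, and for CF_HDROP walks the dropped paths with DragQueryFileW into MAX_PATH-sized buffers (the report prints the index of the first DragQueryFileW call as 000000FF; the documented "return the file count" sentinel is 0xFFFFFFFF, so treat that rendering with care). The three CloseClipboard calls against one OpenClipboard are the separate exit paths of the function, not a bug in the parser.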
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 007B69BE
• FindClose.KERNEL32(00000000), ref: 007B6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007B6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007B6A75
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 007B6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 007B6ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 881dc9949c78c19c5c224d6c43f944078b0abcbc0e4fbe04d49d8695b5e3028d
• Instruction ID: 2fc844a59b73356c516a018c3d31164d900704e606b4232282a854c17feb0100
• Opcode Fuzzy Hash: 881dc9949c78c19c5c224d6c43f944078b0abcbc0e4fbe04d49d8695b5e3028d
• Instruction Fuzzy Hash: 1FD151B2508340EEC714EBA4C885EAFB7ECBF88704F44491DF585D6191EB79DA48CB62
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007B9663
• GetFileAttributesW.KERNEL32(?), ref: 007B96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 007B96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 007B96D3
• FindClose.KERNEL32(00000000), ref: 007B96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 007B96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B974A
• SetCurrentDirectoryW.KERNEL32(00806B7C), ref: 007B9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 007B9772
• FindClose.KERNEL32(00000000), ref: 007B977F
• FindClose.KERNEL32(00000000), ref: 007B978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                • Opcode ID: bde8a3cdde9e6e647cd5b9d1843fe739b50888a96164ecbcb3990f2e08352e9f
                                                                                                                                                                                                                                                • Instruction ID: 78b39085da6e693403e721fed2847496defdf94ebf5386c32cdba5437178cce7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bde8a3cdde9e6e647cd5b9d1843fe739b50888a96164ecbcb3990f2e08352e9f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1231B27254121A6EDF11AFB4DC48BDE77BCAF09320F108156EA25E2190EB3CD940CA64
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007B97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 007B9819
• FindClose.KERNEL32(00000000), ref: 007B9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 007B9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B9890
• SetCurrentDirectoryW.KERNEL32(00806B7C), ref: 007B98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 007B98B8
• FindClose.KERNEL32(00000000), ref: 007B98C5
• FindClose.KERNEL32(00000000), ref: 007B98D5
  • Part of subcall function 007ADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 007ADB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: a443a226e5a372aab87efe44854cc653685ae25d0187c8a7a2f256b98144ab6d
• Instruction ID: 65f31e997eb15213e12e5f74331edc91b437baa118994226d75931e842e27b96
• Opcode Fuzzy Hash: a443a226e5a372aab87efe44854cc653685ae25d0187c8a7a2f256b98144ab6d
• Instruction Fuzzy Hash: 3731C37150161AAEDF11AFB4DC48BDE77BCAF06320F108156EA24E21E0DB39DD54CA64
APIs
  • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CBF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 007CBFA9
• RegCloseKey.ADVAPI32(00000000), ref: 007CBFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 007CC02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 007CC0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007CC154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007CC1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 007CC23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007CC2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 007CC382
• RegCloseKey.ADVAPI32(00000000), ref: 007CC38F
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: de85e110b5a73a9e0b17dd04f675ca8f432c2a3c1bb327731f90a0d95532e61d
• Instruction ID: f716bbac8e5fdbe4ff33795084091768dab4e7b0eacefef30c427c41763a4353
• Opcode Fuzzy Hash: de85e110b5a73a9e0b17dd04f675ca8f432c2a3c1bb327731f90a0d95532e61d
• Instruction Fuzzy Hash: 53023871604240EFD715DF28C895E2ABBE5AF89308F18849DF84ADB2A2D735EC45CB52
APIs
• GetLocalTime.KERNEL32(?), ref: 007B8257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 007B8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007B8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007B8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007B838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B8395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 3f1fe000ee6a3e320e87930f3ea93a7648b516ab4f8070df5636b51dd0238f8d
• Instruction ID: e3aea9f663e1e3297cfe588b34c1d97a2f9f56bdb31b4b4fffd5a79236b1c48d
• Opcode Fuzzy Hash: 3f1fe000ee6a3e320e87930f3ea93a7648b516ab4f8070df5636b51dd0238f8d
• Instruction Fuzzy Hash: 8F6148725043459FCB50EF64C844AAEB3ECFF89314F04891EF99987251EB39E945CB92
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
                                                                                                                                                                                                                                                  • Part of subcall function 007AE199: GetFileAttributesW.KERNEL32(?,007ACF95), ref: 007AE19A
                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 007AD122
                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 007AD1DD
                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 007AD1F0
                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 007AD20D
                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 007AD237
                                                                                                                                                                                                                                                  • Part of subcall function 007AD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,007AD21C,?,?), ref: 007AD2B2
                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 007AD253
                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 007AD264
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                • Opcode ID: b285d9976ce0183ba04c0316aa43106180ec25d0885a4424c18e8b0ecf5d0a63
                                                                                                                                                                                                                                                • Instruction ID: 8422592a81206b25d403e322a40778abb78306a78bf119715bf0c347b9597196
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b285d9976ce0183ba04c0316aa43106180ec25d0885a4424c18e8b0ecf5d0a63
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90615F3180114DEBCF15EBE0D996AEDB779BF56300F208265E40677192EB386F09CB61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1737998785-0
                                                                                                                                                                                                                                                • Opcode ID: 90dca3a0765156debcca3fdd8a9f58b203c7c6be2a6ff1e59a1facd59953ed07
                                                                                                                                                                                                                                                • Instruction ID: 4b8800ca4a0ff87aa9cfa44ab98f0d28c19d4bde79f499a99a880fe832c11bd7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90dca3a0765156debcca3fdd8a9f58b203c7c6be2a6ff1e59a1facd59953ed07
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F419E35605612EFE721DF15D888B99BBE5FF44318F18C09AE8158B762C779EC41CB90
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 007A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007A170D
                                                                                                                                                                                                                                                  • Part of subcall function 007A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007A173A
                                                                                                                                                                                                                                                  • Part of subcall function 007A16C3: GetLastError.KERNEL32 ref: 007A174A
                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 007AE932
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                • Opcode ID: 03a20a7a36538af20ed951d8212a797a9c15bdd9ba36aac1e390e4ffd9121799
                                                                                                                                                                                                                                                • Instruction ID: d101a407932f6ec6231e73eca6b3962db4a9df2320ee08dddf7f2445ef434bed
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 03a20a7a36538af20ed951d8212a797a9c15bdd9ba36aac1e390e4ffd9121799
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA012632610311ABEB5422B49C8ABBB726CAB86740F154622F803E21D1E5AC7C4081A6
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 007C1276
                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 007C1283
                                                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 007C12BA
                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 007C12C5
                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 007C12F4
                                                                                                                                                                                                                                                • listen.WSOCK32(00000000,00000005), ref: 007C1303
                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 007C130D
                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 007C133C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 540024437-0
                                                                                                                                                                                                                                                • Opcode ID: 78fdd3c7829f39d7be2155f5cdf3cfc9726ecb62c34f2d3702790ca61d74b182
• Instruction ID: 9c548a33999b67b554dee07271f3cb93eab6eb662a28f6da814d791213394201
• Opcode Fuzzy Hash: 78fdd3c7829f39d7be2155f5cdf3cfc9726ecb62c34f2d3702790ca61d74b182
• Instruction Fuzzy Hash: CD417C35A001419FD710DF24C488F2ABBE6BF46318F58819DE8568F293C779EC81CBA1
APIs
  • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
  • Part of subcall function 007AE199: GetFileAttributesW.KERNEL32(?,007ACF95), ref: 007AE19A
• FindFirstFileW.KERNEL32(?,?), ref: 007AD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 007AD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 007AD481
• FindClose.KERNEL32(00000000), ref: 007AD498
• FindClose.KERNEL32(00000000), ref: 007AD4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 484ed33afec96670837794697d221126ff202270f2b4f771e31e9b95142811e9
• Instruction ID: 9299a5974ba8dece058e6461b1b65fe616bba4de09dcce1891c8f53c56f6867b
• Opcode Fuzzy Hash: 484ed33afec96670837794697d221126ff202270f2b4f771e31e9b95142811e9
• Instruction Fuzzy Hash: 943182710093859FC315EF64C8598AFB7A8BE96304F444A1EF8D693191EB38AE09C763
APIs
Strings
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 6da608e357f122b9438bfc2e49348ad726fd78cc2f58cc33a91118d659d08929
• Instruction ID: 0cf29337451bf9f21573dfb1c974befc1d73081e48b1a69f6eb76876a428ebc4
• Opcode Fuzzy Hash: 6da608e357f122b9438bfc2e49348ad726fd78cc2f58cc33a91118d659d08929
• Instruction Fuzzy Hash: B8C23C72E046288FDF25CE28DD447EAB7B5EB49344F1481EAD84DE7241E778AE818F40
APIs
• _wcslen.LIBCMT ref: 007B64DC
• CoInitialize.OLE32(00000000), ref: 007B6639
• CoCreateInstance.OLE32(007DFCF8,00000000,00000001,007DFB68,?), ref: 007B6650
• CoUninitialize.OLE32 ref: 007B68D4
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 2b9e1861482e99781c93e101dbe3215d0d12340be7938e5ca62ae0461df22bfa
• Instruction ID: 264eb2060f418d61e8344a0fc5eaf4c17fefb9ef2eb40571867932e672e29971
• Opcode Fuzzy Hash: 2b9e1861482e99781c93e101dbe3215d0d12340be7938e5ca62ae0461df22bfa
• Instruction Fuzzy Hash: 60D149715082019FC314DF24C885EABB7E8FF94704F14495DF6958B2A1EB79E909CBA2
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 007C22E8
  • Part of subcall function 007BE4EC: GetWindowRect.USER32(?,?), ref: 007BE504
• GetDesktopWindow.USER32 ref: 007C2312
• GetWindowRect.USER32(00000000), ref: 007C2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 007C2355
• GetCursorPos.USER32(?), ref: 007C2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 007C23DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 5ba3492fa0cb27629d69c30a758d210164108682f51189d3bfa928559d9e2ffd
• Instruction ID: 86920ef6e9d624f63d4f0848aaa1402141f8642be0edc984e2e00b76b443268b
• Opcode Fuzzy Hash: 5ba3492fa0cb27629d69c30a758d210164108682f51189d3bfa928559d9e2ffd
• Instruction Fuzzy Hash: 6031ED72105346ABC720DF14D808F9BBBA9FF84710F000A1EF98597182DB38EA09CB96
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 007B9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 007B9C8B
  • Part of subcall function 007B3874: GetInputState.USER32 ref: 007B38CB
  • Part of subcall function 007B3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007B3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 007B9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 007B9C75
Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                • Opcode ID: 195936dfa01ef6c7cf1a4f328359be1ed7f5c1f1d76ca04ee627643e5f9649fc
                                                                                                                                                                                                                                                • Instruction ID: 6df4c3a3fe93d7a6d589c12c77e463cd4b3a4e3f148d83936397477372df0a01
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 195936dfa01ef6c7cf1a4f328359be1ed7f5c1f1d76ca04ee627643e5f9649fc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88415FB194420ADFDF15DFB4C889BEEBBB8FF05310F244156EA15A2191EB389E44CB60
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • VUUU, xrefs: 00785DF0
                                                                                                                                                                                                                                                • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 00785D04
                                                                                                                                                                                                                                                • VUUU, xrefs: 0074843C
                                                                                                                                                                                                                                                • VUUU, xrefs: 007483E8
                                                                                                                                                                                                                                                • ERCP, xrefs: 0074813C
                                                                                                                                                                                                                                                • VUUU, xrefs: 007483FA
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU$_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
• API String ID: 0-2009957334
• Opcode ID: 9300ffd2b16456630111e195987af7a4ea873d05a00c203c4573943a98b66a53
• Instruction ID: 840126ccd87ec97152151a5db12ee108148ab52f00991a42412a08c22fc2c3d5
• Opcode Fuzzy Hash: 9300ffd2b16456630111e195987af7a4ea873d05a00c203c4573943a98b66a53
• Instruction Fuzzy Hash: 08A29070E4021ECBDF64DF58C8447ADB7B1BF54314F2481AAD815AB285EB789D81CF92
APIs
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00759A4E
• GetSysColor.USER32(0000000F), ref: 00759B23
• SetBkColor.GDI32(?,00000000), ref: 00759B36
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 08cf48e9a915c23d54b48b0aa70855acb6569f92ec3256af8b045642e8793616
• Instruction ID: 010fc906a730a9d7a6a5a043ef92f775645a90eb1ace0406cb34849765408bbe
• Opcode Fuzzy Hash: 08cf48e9a915c23d54b48b0aa70855acb6569f92ec3256af8b045642e8793616
• Instruction Fuzzy Hash: BDA12CB0218544FEEF2D9A3C9C4DDFB2A6DEB42302F14810AFB12D6691CA6D9D05C275
APIs
  • Part of subcall function 007C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007C307A
  • Part of subcall function 007C304E: _wcslen.LIBCMT ref: 007C309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 007C185D
• WSAGetLastError.WSOCK32 ref: 007C1884
• bind.WSOCK32(00000000,?,00000010), ref: 007C18DB
• WSAGetLastError.WSOCK32 ref: 007C18E6
• closesocket.WSOCK32(00000000), ref: 007C1915
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 9ad091ab15fa8bab511c4edd7a9c3e51eda6b5f4eb5f9520664151e0dd778078
• Instruction ID: b487d21dd67bd8db9118862d6d255fd5e473b1753fa1064d47bb3c656a39e9db
• Opcode Fuzzy Hash: 9ad091ab15fa8bab511c4edd7a9c3e51eda6b5f4eb5f9520664151e0dd778078
• Instruction Fuzzy Hash: D851B371A00210AFDB11AF24C88AF6AB7E5AB45718F58849CF9055F3D3C779AD41CBE1
APIs
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: beee503577afaebfae4b8bba71e165e8fc0a2a2f38731a7c35c4bb2e7580afd8
• Instruction ID: f448ee6c20c43abb12ee95d83dd9085189ce9005c9e253f6c482f25cbdbdf340
• Opcode Fuzzy Hash: beee503577afaebfae4b8bba71e165e8fc0a2a2f38731a7c35c4bb2e7580afd8
• Instruction Fuzzy Hash: 53210731751201AFD7218F1AC844B167BF5EF84320F58805AE84ACB351D779DC42CBA4
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 007AAAAC
• SetKeyboardState.USER32(00000080), ref: 007AAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 007AAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 007AAB88
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 432972143-0
APIs
• _free.LIBCMT ref: 0077BB7F
  • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
  • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
• GetTimeZoneInformation.KERNEL32 ref: 0077BB91
• WideCharToMultiByte.KERNEL32(00000000,?,0081121C,000000FF,?,0000003F,?,?), ref: 0077BC09
• WideCharToMultiByte.KERNEL32(00000000,?,00811270,000000FF,?,0000003F,?,?,?,0081121C,000000FF,?,0000003F,?,?), ref: 0077BC36
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
• String ID:
• API String ID: 806657224-0
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 007BCE89
• GetLastError.KERNEL32(?,00000000), ref: 007BCEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 007BCEFE
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 007A82AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 007B5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 007B5D17
• FindClose.KERNEL32(?), ref: 007B5D5F
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
APIs
• IsDebuggerPresent.KERNEL32 ref: 0077271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00772724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00772731
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 007B51DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 007B5238
• SetErrorMode.KERNEL32(00000000), ref: 007B52A1
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 0075FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00760668
  • Part of subcall function 0075FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00760685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007A170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007A173A
• GetLastError.KERNEL32 ref: 007A174A
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007AD608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 007AD645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007AD650
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 007A168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 007A16A1
• FreeSid.ADVAPI32(?), ref: 007A16B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0079D28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 007B6918
• FindClose.KERNEL32(00000000), ref: 007B6961
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007C4891,?,?,00000035,?), ref: 007B37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007C4891,?,?,00000035,?), ref: 007B37F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 007AB25D
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 007AB270
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007A11FC), ref: 007A10D4
• CloseHandle.KERNEL32(?,?,007A11FC), ref: 007A10E9
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 58679a2a2462d5eff7ab66db92a70f972644cdba0385db4aa36183d921184290
• Instruction ID: eccc69ce6c8f2cb84d5b541ebc9c74f2abf5d92de93b83facefc033be5ee53f4
• Opcode Fuzzy Hash: 58679a2a2462d5eff7ab66db92a70f972644cdba0385db4aa36183d921184290
• Instruction Fuzzy Hash: 3EE04F32004601EEF7262B11FC0AEB377B9EB04311F10C82EF8A5804B1DBA66C90DB54
Strings
• Variable is not of type 'Object'., xrefs: 00790C40
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
• Opcode ID: 3e3b559164b710a6b00e6ab2d4da8d9a36a12610915a739955be4e84da553d9b
• Instruction ID: 5bc3ff66b5723cc9c18d17289a2557af36b5637cdb7dda09dd2d7686dc09efac
• Opcode Fuzzy Hash: 3e3b559164b710a6b00e6ab2d4da8d9a36a12610915a739955be4e84da553d9b
• Instruction Fuzzy Hash: F832BD70A11218DFCF55DF90D885AEDB7B5FF05304F148069E806AB292DB7DAE49CBA0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00776766,?,?,00000008,?,?,0077FEFE,00000000), ref: 00776998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 0183d562bc613a8d3c5685eb62d60af4770fc300d121e3e0cef14ed7c7dd778f
• Instruction ID: 3fd65c5f3cce08982a1b041eea7bb19433a5fea941ce9e7c734ba77048571648
• Opcode Fuzzy Hash: 0183d562bc613a8d3c5685eb62d60af4770fc300d121e3e0cef14ed7c7dd778f
• Instruction Fuzzy Hash: 38B15C31610A099FDB19CF28C486B657BE0FF453A4F25C658E99DCF2A6C339E985CB40
Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 3f5463d5466890a25a44dd8e28e5de2ff3b4f7f0389dbb892e07f7a084628eb6
• Instruction ID: 852cd9ee802f30fbdfa4a55962c9face8fff33c7f363f8ab35357776dff8a7ec
• Opcode Fuzzy Hash: 3f5463d5466890a25a44dd8e28e5de2ff3b4f7f0389dbb892e07f7a084628eb6
• Instruction Fuzzy Hash: 7F125F71900229DBCF64CF58D880AFEB7B5FF48710F14819AE849EB251DB789E85CB91
APIs
• BlockInput.USER32(00000001), ref: 007BEABD
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: 947f532c44fa7cf3dfb1111ad1755ed9ad9967c754f0fa6b00443099b8e1e75e
• Instruction ID: 760f7e88f805954387ae7449a596048ccbdee2f045ea493688d36aa50af4c6b3
• Opcode Fuzzy Hash: 947f532c44fa7cf3dfb1111ad1755ed9ad9967c754f0fa6b00443099b8e1e75e
• Instruction Fuzzy Hash: 63E01A322002049FC710EF69D808E9AF7EDAF98760F00C416FC49C7391DB79E8408B90
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007603EE), ref: 007609DA
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                • Opcode ID: 742cc0a7a0a16cda0cd867e494ae48e036f40895886bd7a3396c19dc0b3d34ef
                                                                                                                                                                                                                                                • Instruction ID: 82ce8aca1d479708c58c08cff3c159a6e552de30eda733d933ea4cfb2ec288fd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 742cc0a7a0a16cda0cd867e494ae48e036f40895886bd7a3396c19dc0b3d34ef
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                • Instruction ID: 92dee958abaaa648e80228157a04858c8d5a6ed69405cbdd2bd07674c7cb3d21
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD51466160C7479ADB3C8578889E7BE23D99B123CCF180A09DC83DB282C61DEE45D356
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 974c1c540a27892f7d3e70a9609ebcffa5b789e7019310815da91db4ede252b4
                                                                                                                                                                                                                                                • Instruction ID: fb7c15b45b4d81f00d3a697cc057cd502a8b29ed7b8c01e39ba19cb43d4c44c5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 974c1c540a27892f7d3e70a9609ebcffa5b789e7019310815da91db4ede252b4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1322621D29F814DDB279634CC62335664DAFBB3C5F15D737E81AB99AAEB2DC4838100
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 206423f82115d3999af316c9fb863990e2ad84761761a952d30d8764c1cfc024
                                                                                                                                                                                                                                                • Instruction ID: 649eb7ea6e01dd6198ebf56257ef53c668d69b151d7a2894bcf714e418be6448
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 206423f82115d3999af316c9fb863990e2ad84761761a952d30d8764c1cfc024
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15324931A002458FDF27CF28E4946BD7BA1EB45311F28816AD85ACB292E73CDD85DB60
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 43feecaefc58ad381eff640f39439cb74001ac6c6c082259b2d0bbf03afe7445
                                                                                                                                                                                                                                                • Instruction ID: daaac4cdd9fe3f5c34f6f7257e97a076c11db70031543b189870af141cb4189c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43feecaefc58ad381eff640f39439cb74001ac6c6c082259b2d0bbf03afe7445
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A22B1B0A04609DFDF14DF68D885AAEB7F6FF44300F244529E816E7291EB3AAD15CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: fc159557f217fd322af3dfdb7677dfd269936c06b288b0d476359d3fc56699af
                                                                                                                                                                                                                                                • Instruction ID: 4df0490c1ca352e49124ea58819652172da6e00b0771f38042fd6eff139a3564
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc159557f217fd322af3dfdb7677dfd269936c06b288b0d476359d3fc56699af
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF02B7B1E00205EFDB04EF64D885AAEB7B5FF44300F118169E916DB291EB79EE14CB91
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1eba395f631921772b3085e629b6717e534678db85dec18a256ac63976ae09b3
• Instruction ID: fa1581d801f8a4f8231279221160048f5c59191f9a197c8f04e72331d15ca021
• Opcode Fuzzy Hash: 1eba395f631921772b3085e629b6717e534678db85dec18a256ac63976ae09b3
• Instruction Fuzzy Hash: 1CB12520D2AF814DD7239639C875336B65CAFBB2C5F91D71BFC2A79D22EB2685834140
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction ID: 1c266cf9209a7036797d7ae0b346a184cef985dc864de86f4f2f5ba17d27d318
• Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction Fuzzy Hash: 729167726090E34ADB2D863A857C07DFFE15A523A235E079EDCF3CA1C5EE18D954E620
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
• Instruction ID: f9c11461b3e5a0ac74fffecf0dde4f8c7b8476394d8a601aec9c52e6f8723092
• Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
• Instruction Fuzzy Hash: 5F91687220D4E349DBAD4239847807DFFE15A923A131E079DDCF3CB5C6EE289555E620
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: 9a1c6b6dbaee4d9ece373a9b17ccc8061a60c7ada5e7701af3897be2dd474a90
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: ED9173722091E34EDB2D427A857C03DFFE15A923A235E479ED8F7CA1C1FD189558E620
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3ec3f861d0d733ef68c49922214fd01ca9f55762f82aba838a979b4da86d62a
• Instruction ID: 3f0d7a33baeed40e23d98fc510c157f839de9a5d3b3419cea00c1230ecc6f308
• Opcode Fuzzy Hash: a3ec3f861d0d733ef68c49922214fd01ca9f55762f82aba838a979b4da86d62a
• Instruction Fuzzy Hash: A1618DB120870996DE3C9A6C8C95BBE2398DF417CCF144A1DEC4BDB281D91DDE42C756
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cf405809b230e436f60eb2f935fce4f36893061746770671bcb51a405f19aa6c
• Instruction ID: 5631bd6b1237b1c4008f3c7f94234db4725e431d9adac2fc358bb3e625115e8a
• Opcode Fuzzy Hash: cf405809b230e436f60eb2f935fce4f36893061746770671bcb51a405f19aa6c
• Instruction Fuzzy Hash: FA61697170870996DA3C8A288895BBF23949F427CCF140D5AED43DB281EB1EAD4AC356
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: 46d98b578e7da5d99b00084667731f6f0736f3cc6860550c65e892ee88d487ac
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 068151726091E309DB6D863A853843EFFE15A923B135E079DD8F3CB5C1EE289558E620
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6cffc9558261a26838309e91bfac7b989434c0022be598fb3e718b50094b6282
                                                                                                                                                                                                                                                • Instruction ID: 51c973afcb245ddd922087fac56337aedd1d508eba79f2cd5c7d1a5e7835c47e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cffc9558261a26838309e91bfac7b989434c0022be598fb3e718b50094b6282
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA21D8322216118BD728CE79C8126BA73E9BB64310F14862EE4A7C33D1DE39A945CB40
APIs
• DeleteObject.GDI32(00000000), ref: 007C2B30
• DeleteObject.GDI32(00000000), ref: 007C2B43
• DestroyWindow.USER32 ref: 007C2B52
• GetDesktopWindow.USER32 ref: 007C2B6D
• GetWindowRect.USER32(00000000), ref: 007C2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 007C2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 007C2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2CF8
• GetClientRect.USER32(00000000,?), ref: 007C2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 007C2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D80
• GlobalLock.KERNEL32(00000000), ref: 007C2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2D98
• GlobalUnlock.KERNEL32(00000000), ref: 007C2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2DA8
• GlobalFree.KERNEL32(00000000), ref: 007C2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,007DFC38,00000000), ref: 007C2DDB
• GlobalFree.KERNEL32(00000000), ref: 007C2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 007C2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 007C2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007C303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: b700c3891c0eb6d1c5da4820bd887913c52b3042a51346505c914005458269c5
• Instruction ID: 81206a60760bcd9ef47b94a3dc2d81f4e29f01ffbe75ba433a6e4bf61d3c6df4
• Opcode Fuzzy Hash: b700c3891c0eb6d1c5da4820bd887913c52b3042a51346505c914005458269c5
• Instruction Fuzzy Hash: FF025771900219EFDB15DF64CC89EAEBBB9EB48310F04815DF915AB2A1DB78ED01CB64
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 007D712F
                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 007D7160
                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 007D716C
                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 007D7186
                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 007D7195
                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 007D71C0
                                                                                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 007D71C8
                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 007D71CF
                                                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 007D71DE
                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 007D71E5
                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 007D7230
                                                                                                                                                                                                                                                • FillRect.USER32(?,?,?), ref: 007D7262
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 007D7284
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: GetSysColor.USER32(00000012), ref: 007D7421
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: SetTextColor.GDI32(?,?), ref: 007D7425
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: GetSysColorBrush.USER32(0000000F), ref: 007D743B
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: GetSysColor.USER32(0000000F), ref: 007D7446
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: GetSysColor.USER32(00000011), ref: 007D7463
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 007D7471
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: SelectObject.GDI32(?,00000000), ref: 007D7482
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: SetBkColor.GDI32(?,00000000), ref: 007D748B
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: SelectObject.GDI32(?,?), ref: 007D7498
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 007D74B7
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007D74CE
                                                                                                                                                                                                                                                  • Part of subcall function 007D73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 007D74DB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
APIs
• DestroyWindow.USER32(?,?), ref: 00758E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00796AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00796AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00796F43
  • Part of subcall function 00758F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00758BE8,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 00758FC5
• SendMessageW.USER32(?,00001053), ref: 00796F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00796F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00796FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00796FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
APIs
• DestroyWindow.USER32(00000000), ref: 007C273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 007C286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 007C28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 007C28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 007C2900
• GetClientRect.USER32(00000000,?), ref: 007C290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 007C2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 007C2964
• GetStockObject.GDI32(00000011), ref: 007C2974
• SelectObject.GDI32(00000000,00000000), ref: 007C2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 007C2988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 007C2991
• DeleteDC.GDI32(00000000), ref: 007C299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007C29C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 007C29DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 007C2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 007C2A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 007C2A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 007C2A77
• GetStockObject.GDI32(00000011), ref: 007C2A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 007C2A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 007C2A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
APIs
• SetErrorMode.KERNEL32(00000001), ref: 007B4AED
• GetDriveTypeW.KERNEL32(?,007DCB68,?,\\.\,007DCC08), ref: 007B4BCA
• SetErrorMode.KERNEL32(00000000,007DCB68,?,\\.\,007DCC08), ref: 007B4D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
APIs
• GetSysColor.USER32(00000012), ref: 007D7421
• SetTextColor.GDI32(?,?), ref: 007D7425
• GetSysColorBrush.USER32(0000000F), ref: 007D743B
• GetSysColor.USER32(0000000F), ref: 007D7446
• CreateSolidBrush.GDI32(?), ref: 007D744B
• GetSysColor.USER32(00000011), ref: 007D7463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 007D7471
• SelectObject.GDI32(?,00000000), ref: 007D7482
• SetBkColor.GDI32(?,00000000), ref: 007D748B
• SelectObject.GDI32(?,?), ref: 007D7498
• InflateRect.USER32(?,000000FF,000000FF), ref: 007D74B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007D74CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 007D74DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007D752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 007D7554
• InflateRect.USER32(?,000000FD,000000FD), ref: 007D7572
• DrawFocusRect.USER32(?,?), ref: 007D757D
• GetSysColor.USER32(00000011), ref: 007D758E
• SetTextColor.GDI32(?,00000000), ref: 007D7596
• DrawTextW.USER32(?,007D70F5,000000FF,?,00000000), ref: 007D75A8
• SelectObject.GDI32(?,?), ref: 007D75BF
• DeleteObject.GDI32(?), ref: 007D75CA
• SelectObject.GDI32(?,?), ref: 007D75D0
• DeleteObject.GDI32(?), ref: 007D75D5
• SetTextColor.GDI32(?,?), ref: 007D75DB
• SetBkColor.GDI32(?,?), ref: 007D75E5
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
APIs
• GetCursorPos.USER32(?), ref: 007D1128
• GetDesktopWindow.USER32 ref: 007D113D
• GetWindowRect.USER32(00000000), ref: 007D1144
• GetWindowLongW.USER32(?,000000F0), ref: 007D1199
• DestroyWindow.USER32(?), ref: 007D11B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007D11ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007D121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 007D1232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 007D1245
• IsWindowVisible.USER32(00000000), ref: 007D12A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 007D12BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 007D12D0
• GetWindowRect.USER32(00000000,?), ref: 007D12E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 007D130E
• GetMonitorInfoW.USER32(00000000,?), ref: 007D1328
• CopyRect.USER32(?,?), ref: 007D133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 007D13AA
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00758968
• GetSystemMetrics.USER32(00000007), ref: 00758970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0075899B
• GetSystemMetrics.USER32(00000008), ref: 007589A3
• GetSystemMetrics.USER32(00000004), ref: 007589C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007589E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007589F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00758A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00758A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00758A5A
• GetStockObject.GDI32(00000011), ref: 00758A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00758A81
  • Part of subcall function 0075912D: GetCursorPos.USER32(?), ref: 00759141
  • Part of subcall function 0075912D: ScreenToClient.USER32(00000000,?), ref: 0075915E
  • Part of subcall function 0075912D: GetAsyncKeyState.USER32(00000001), ref: 00759183
  • Part of subcall function 0075912D: GetAsyncKeyState.USER32(00000002), ref: 0075919D
• SetTimer.USER32(00000000,00000000,00000028,007590FC), ref: 00758AA8
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                • Opcode ID: 2a71a019ba762c8d2a1e36f25be01c6e26e851c1dd3f1b8f2fbe03f1c7f4f662
                                                                                                                                                                                                                                                • Instruction ID: f9e4fc3458ed30e77d95b508cbf862421efae9f464de9132c88542b8a5de3be3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a71a019ba762c8d2a1e36f25be01c6e26e851c1dd3f1b8f2fbe03f1c7f4f662
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEB16F7160020ADFDF14DFA8DC49BEA7BB5FB48315F10822AFA15A7290DB78A841CB55
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007A1114
                                                                                                                                                                                                                                                  • Part of subcall function 007A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1120
                                                                                                                                                                                                                                                  • Part of subcall function 007A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A112F
                                                                                                                                                                                                                                                  • Part of subcall function 007A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1136
                                                                                                                                                                                                                                                  • Part of subcall function 007A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007A114D
                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 007A0DF5
                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 007A0E29
                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 007A0E40
                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 007A0E7A
                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007A0E96
                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 007A0EAD
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 007A0EB5
                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 007A0EBC
                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 007A0EDD
                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 007A0EE4
                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 007A0F13
                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007A0F35
                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 007A0F47
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0F6E
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A0F75
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0F7E
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A0F85
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A0F8E
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A0F95
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 007A0FA1
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A0FA8
                                                                                                                                                                                                                                                  • Part of subcall function 007A1193: GetProcessHeap.KERNEL32(00000008,007A0BB1,?,00000000,?,007A0BB1,?), ref: 007A11A1
                                                                                                                                                                                                                                                  • Part of subcall function 007A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,007A0BB1,?), ref: 007A11A8
                                                                                                                                                                                                                                                  • Part of subcall function 007A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007A0BB1,?), ref: 007A11B7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                • Opcode ID: 72daf37d757c6bfeffc7f6f58b2d1a3438be986cf0df5dcd8c897b04503c91d4
                                                                                                                                                                                                                                                • Instruction ID: cb6b4bd49d55ccf91bfe10ef74e9d5726123c6f22db120a5317fda812d8294d6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72daf37d757c6bfeffc7f6f58b2d1a3438be986cf0df5dcd8c897b04503c91d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7171B07190121AEFDF209FA4DC49FAEBBB8BF45300F048616F954F6191D7399A05CBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CC4BD
                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,007DCC08,00000000,?,00000000,?,?), ref: 007CC544
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 007CC5A4
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007CC5F4
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007CC66F
                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 007CC6B2
                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 007CC7C1
                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 007CC84D
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 007CC881
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 007CC88E
                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 007CC960
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                • Opcode ID: 2d7afc9f2764990b90e7c1d41478c2ab74c0bef053ce24f88a311fad2e5bb37c
                                                                                                                                                                                                                                                • Instruction ID: 9bad09a84a216f27671fa29f8d93f83c47cc2650940c5ca9fb698df831d2fead
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d7afc9f2764990b90e7c1d41478c2ab74c0bef053ce24f88a311fad2e5bb37c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0123535604201DFDB15DF14C895F2AB7E5EF88714F14889DF88A9B2A2DB39ED41CB81
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 007D09C6
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007D0A01
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007D0A54
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007D0A8A
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007D0B06
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007D0B81
                                                                                                                                                                                                                                                  • Part of subcall function 0075F9F2: _wcslen.LIBCMT ref: 0075F9FD
                                                                                                                                                                                                                                                  • Part of subcall function 007A2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007A2BFA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 625f29b19d3c63086b144edf17adea553299f95588535cd3d81a9cc551e3031b
• Instruction ID: b7b1b2f4130071832fa094a9605c550988adcac84c0623a030ddcf4453531e2c
• Opcode Fuzzy Hash: 625f29b19d3c63086b144edf17adea553299f95588535cd3d81a9cc551e3031b
• Instruction Fuzzy Hash: FEE166316087019FC714DF24C854A2AB7F2FF98314F14895AF8969B3A2D739ED4ACB81
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: eb53b60f57eb04fb5321c0de3f9e5e1e05888ba2bb3396b718adaafb498c54f9
• Instruction ID: 034818fc01b510f3e21d869c3e918d05668a666a7766a076dffb14c8e9429410
• Opcode Fuzzy Hash: eb53b60f57eb04fb5321c0de3f9e5e1e05888ba2bb3396b718adaafb498c54f9
• Instruction Fuzzy Hash: B371D172A0052A8BCB22DEBC8D45FBE3395AB60750B15412CEC6AA7284E73DDD45C3A0
APIs
• _wcslen.LIBCMT ref: 007D835A
• _wcslen.LIBCMT ref: 007D836E
• _wcslen.LIBCMT ref: 007D8391
• _wcslen.LIBCMT ref: 007D83B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007D83F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,007D361A,?), ref: 007D844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007D8487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 007D84CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007D8501
• FreeLibrary.KERNEL32(?), ref: 007D850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007D851D
• DestroyIcon.USER32(?), ref: 007D852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 007D8549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 007D8555
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: 5de487a3f8ae0894b0c39094a83d5e226353e836fb92c8bd8d72b6438917877a
• Instruction ID: 003ca12fa4cdf79234547c8742e5801b9e402769f68095375cc6118d74287544
• Opcode Fuzzy Hash: 5de487a3f8ae0894b0c39094a83d5e226353e836fb92c8bd8d72b6438917877a
• Instruction Fuzzy Hash: 4861E171940215FAEB54DF64DC45BBF77B8FB04B11F10860AF816EA2D1DB78A950C7A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
• Opcode ID: 7f3abbe1821cebb33df7a171581f9a57b6f77f95275fa547a7f7d2bf57d99e67
• Instruction ID: e3335fb9bbc615b78daf4ba246e9aa7a1776b19b06d4a8e42f5605dbf69af46e
• Opcode Fuzzy Hash: 7f3abbe1821cebb33df7a171581f9a57b6f77f95275fa547a7f7d2bf57d99e67
• Instruction Fuzzy Hash: 2F8104B1A44605FBDB25BF60CC4AFAE77A8AF15300F004025FD05AB292EB7DDA15C7A1
APIs
• CharLowerBuffW.USER32(?,?), ref: 007B3EF8
• _wcslen.LIBCMT ref: 007B3F03
• _wcslen.LIBCMT ref: 007B3F5A
• _wcslen.LIBCMT ref: 007B3F98
• GetDriveTypeW.KERNEL32(?), ref: 007B3FD6
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007B401E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007B4059
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007B4087
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
• Opcode ID: 2c74e9c03c7ddf36ec2655a6e54e5e9cddcafdefed802179610f43089cc3173d
• Instruction ID: fe407f961406231959fe431069760b749f4c4f6267e5513dcfcdd5f3f64e16c5
• Opcode Fuzzy Hash: 2c74e9c03c7ddf36ec2655a6e54e5e9cddcafdefed802179610f43089cc3173d
• Instruction Fuzzy Hash: C971E1726042129FC710EF24C8819BAB7F4FF94754F10492DF99697291EB38ED49CB91
APIs
• LoadIconW.USER32(00000063), ref: 007A5A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 007A5A40
• SetWindowTextW.USER32(?,?), ref: 007A5A57
• GetDlgItem.USER32(?,000003EA), ref: 007A5A6C
• SetWindowTextW.USER32(00000000,?), ref: 007A5A72
• GetDlgItem.USER32(?,000003E9), ref: 007A5A82
• SetWindowTextW.USER32(00000000,?), ref: 007A5A88
                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 007A5AA9
                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 007A5AC3
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 007A5ACC
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007A5B33
                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 007A5B6F
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 007A5B75
                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 007A5B7C
                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 007A5BD3
                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 007A5BE0
                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 007A5C05
                                                                                                                                                                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 007A5C2F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 895679908-0
                                                                                                                                                                                                                                                • Opcode ID: 4268f248da3729b813c439dc7cc15cfad2916d74ca2d32cd55e4371b5f3ecb9d
                                                                                                                                                                                                                                                • Instruction ID: 80315d218986e8d6f107d70c5652410d8318d0ff222184512dba43c23d667c3e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4268f248da3729b813c439dc7cc15cfad2916d74ca2d32cd55e4371b5f3ecb9d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15718071A00B06EFDB21DFA8CE45B6EBBF5FF88705F104619E142A25A0D778E944CB64
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 007BFE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 007BFE32
• LoadCursorW.USER32(00000000,00007F00), ref: 007BFE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 007BFE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 007BFE53
• LoadCursorW.USER32(00000000,00007F01), ref: 007BFE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 007BFE69
• LoadCursorW.USER32(00000000,00007F88), ref: 007BFE74
• LoadCursorW.USER32(00000000,00007F80), ref: 007BFE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 007BFE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 007BFE95
• LoadCursorW.USER32(00000000,00007F85), ref: 007BFEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 007BFEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 007BFEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 007BFEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 007BFECC
• GetCursorInfo.USER32(?), ref: 007BFEDC
• GetLastError.KERNEL32 ref: 007BFF1E
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Cursor$Load$ErrorInfoLast
• String ID:
• API String ID: 3215588206-0
• Opcode ID: 30d9f8664f1b4e873a35c4b1baf0575777b92400edf000d9f1937a37ce04716f
• Instruction ID: b6bf07fb032d938946bf7e922b8a10d61dcd84a7eff80abb55d8a728defa106a
• Opcode Fuzzy Hash: 30d9f8664f1b4e873a35c4b1baf0575777b92400edf000d9f1937a37ce04716f
• Instruction Fuzzy Hash: 4C4154B0D05319AEDB109FBA8C89D6EBFE8FF04754B50452AE11DE7281DB78D901CE91
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007600C6
  • Part of subcall function 007600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0081070C,00000FA0,5A6693B1,?,?,?,?,007823B3,000000FF), ref: 0076011C
  • Part of subcall function 007600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007823B3,000000FF), ref: 00760127
  • Part of subcall function 007600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007823B3,000000FF), ref: 00760138
  • Part of subcall function 007600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0076014E
  • Part of subcall function 007600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0076015C
  • Part of subcall function 007600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0076016A
  • Part of subcall function 007600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00760195
  • Part of subcall function 007600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007601A0
• ___scrt_fastfail.LIBCMT ref: 007600E7
  • Part of subcall function 007600A3: __onexit.LIBCMT ref: 007600A9
Strings
• WakeAllConditionVariable, xrefs: 00760162
• kernel32.dll, xrefs: 00760133
• InitializeConditionVariable, xrefs: 00760148
• SleepConditionVariableCS, xrefs: 00760154
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00760122
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: 12a60488035af3e7aedd64d9b907495fdacb5f02da83142f8641169f3972ae0f
• Instruction ID: 972f87d03b412f59dff443a1d41ac39a9ee06dcc62031e0f47483c8c389aebe0
• Opcode Fuzzy Hash: 12a60488035af3e7aedd64d9b907495fdacb5f02da83142f8641169f3972ae0f
• Instruction Fuzzy Hash: 8921077264171AABD7155BA4AC0AB6F37B8EF06B51F10452AFC03D27D1DAAD98008AD4
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: 09a91f475f5dee7c39b6c7a7372920b5c667dff42a18d4ca8ac1555c5f910518
• Instruction ID: 912b13a23d55ca3ec72cb7bb5546f1f230181cd5f325aa8f10f8f24fb575ac65
• Opcode Fuzzy Hash: 09a91f475f5dee7c39b6c7a7372920b5c667dff42a18d4ca8ac1555c5f910518
• Instruction Fuzzy Hash: 87E1E732A00516EBCB149FB8C8557EEFB70BF96710F548319F456E7240DB38AE458B90
APIs
• CharLowerBuffW.USER32(00000000,00000000,007DCC08), ref: 007B4527
• _wcslen.LIBCMT ref: 007B453B
• _wcslen.LIBCMT ref: 007B4599
• _wcslen.LIBCMT ref: 007B45F4
• _wcslen.LIBCMT ref: 007B463F
• _wcslen.LIBCMT ref: 007B46A7
  • Part of subcall function 0075F9F2: _wcslen.LIBCMT ref: 0075F9FD
• GetDriveTypeW.KERNEL32(?,00806BF0,00000061), ref: 007B4743
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 034280af098ad70affc811a3cc76dc805ca74c9ebc79c7d5fb65f4bc5526cd1a
• Instruction ID: e4162e7ba3c18a22048499c80375813d4f30e36200c18cc4dd725e70658807f4
• Opcode Fuzzy Hash: 034280af098ad70affc811a3cc76dc805ca74c9ebc79c7d5fb65f4bc5526cd1a
• Instruction Fuzzy Hash: 7DB1E1716083029FC720DF28C894BAAB7E5FFA5724F50491DF596C7292EB38D854CB62
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007BC4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007BC4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007BC4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 007BC4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 007BC533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 007BC549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007BC554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007BC584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007BC5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007BC5F0
• InternetCloseHandle.WININET(00000000), ref: 007BC5FB
Strings
• , xrefs: 007BC575
• _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 007BC490
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID: $_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
• API String ID: 3800310941-3401428005
• Opcode ID: 88bcb4dfe584f11fa5b7f512ec245c5515f3e952626e910bcafe2f931d242bb4
• Instruction ID: 81a7616cfb7b1e59becc96e1a9a34aed678664d53beb71bb12981b22f670687e
• Opcode Fuzzy Hash: 88bcb4dfe584f11fa5b7f512ec245c5515f3e952626e910bcafe2f931d242bb4
• Instruction Fuzzy Hash: 9D514DB1501209BFDB229F60C988BEB7BBCFF08754F14841AF945D6210DB38EA54DB60
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,007DCC08), ref: 007C40BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 007C40CD
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,007DCC08), ref: 007C40F2
• FreeLibrary.KERNEL32(00000000,?,007DCC08), ref: 007C413E
• StringFromGUID2.OLE32(?,?,00000028,?,007DCC08), ref: 007C41A8
• SysFreeString.OLEAUT32(00000009), ref: 007C4262
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 007C42C8
• SysFreeString.OLEAUT32(?), ref: 007C42F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                • Opcode ID: 62449a3ba2ac23b46a4dd3066411b8dec4f8a0a811b181dcc62bb3235ff7b594
                                                                                                                                                                                                                                                • Instruction ID: d4c2b4e79e725700e460a9af682a4e98699edeb32b162fab5b447e9256e4ff9b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62449a3ba2ac23b46a4dd3066411b8dec4f8a0a811b181dcc62bb3235ff7b594
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F122875A00119EFDB14CF94C898EAEBBB5FF45314F24809DE905AB251D735EE82CBA0
APIs
• GetMenuItemCount.USER32(00811990), ref: 00782F8D
• GetMenuItemCount.USER32(00811990), ref: 0078303D
• GetCursorPos.USER32(?), ref: 00783081
• SetForegroundWindow.USER32(00000000), ref: 0078308A
• TrackPopupMenuEx.USER32(00811990,00000000,?,00000000,00000000,00000000), ref: 0078309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007830A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 7bc93f0574e1a2f850cf15114faecac6e8218c53ad59cb4578e6ef9e03a89af3
• Instruction ID: 52711632df6b56de747895ad2ac159235c07609a9cc2d9c9d280937b029a87c1
• Opcode Fuzzy Hash: 7bc93f0574e1a2f850cf15114faecac6e8218c53ad59cb4578e6ef9e03a89af3
• Instruction Fuzzy Hash: A3712B70684206BEEB219F24DC4DFAABF75FF05324F204216F629A61E1C7B9AD10DB50
APIs
• DestroyWindow.USER32(00000000,?), ref: 007D6DEB
  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 007D6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007D6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D6E94
• DestroyWindow.USER32(?), ref: 007D6EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00740000,00000000), ref: 007D6EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D6EFD
• GetDesktopWindow.USER32 ref: 007D6F16
• GetWindowRect.USER32(00000000), ref: 007D6F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007D6F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 007D6F4D
  • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: d6149f252b1fe0474c35802a435162b813d9479f0ac07727162e2afb8e5d3373
• Instruction ID: e7b29e31e3bb7fd77c1a522ce85358b45af3a95953e99614b118f4d92aaabecf
• Opcode Fuzzy Hash: d6149f252b1fe0474c35802a435162b813d9479f0ac07727162e2afb8e5d3373
• Instruction Fuzzy Hash: 2C716674104245AFDB21CF18DC48EAABBF9FB89304F54451EF99987361C778E906CB16
APIs
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• DragQueryPoint.SHELL32(?,?), ref: 007D9147
  • Part of subcall function 007D7674: ClientToScreen.USER32(?,?), ref: 007D769A
  • Part of subcall function 007D7674: GetWindowRect.USER32(?,?), ref: 007D7710
  • Part of subcall function 007D7674: PtInRect.USER32(?,?,007D8B89), ref: 007D7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 007D91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007D91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007D91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 007D9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 007D923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 007D9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 007D9277
• DragFinish.SHELL32(?), ref: 007D927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 007D9371
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 3a0676e7a5cf018323586ee8397363d7aab7b73f5713d1fe44817a533c460b11
• Instruction ID: e0f33544de393de88dd4b891355f17c32854f31a41cf673c4adc6b935dcf5b5a
• Opcode Fuzzy Hash: 3a0676e7a5cf018323586ee8397363d7aab7b73f5713d1fe44817a533c460b11
• Instruction Fuzzy Hash: E0616971108301AFC701DF64DC89DABBBF8FF89350F00491EF695922A1DB34AA49CB62
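The three records above (the GetMenuItemCount/TrackPopupMenuEx routine, the tooltips_class32 routine, and the DragQueryFileW/DefDlgProcW handler whose strings are the AutoIt macros @GUI_DRAGFILE, @GUI_DRAGID and @GUI_DROPID) are GUI runtime code that a compiled AutoIt script carries regardless of what the script itself does, and the sandbox lists the window messages they send only as raw hex (00000432, 00000233). The Python script below is an added triage example; it is not part of this report and not Joe Sandbox code. It parses "APIs" lines in the format shown above, names the uMsg argument of SendMessageW/PostMessageW/DefDlgProcW calls from the winuser.h and commctrl.h values (0x432 TTM_ADDTOOLW, 0x233 WM_DROPFILES, and so on), and tags a record whose call pattern matches one of these runtime helpers so the analyst can skip it and concentrate on records that carry a watched API. The tag rules and the watch list are this example's own heuristics, not sandbox signatures; the sample input is a constructed copy of the API lines of the tooltip and drop-file records above.

```python
"""Joe Sandbox 'APIs' record triage (added example; not part of the report or of Joe Sandbox).
Parses "Name.MODULE(args), ref: ADDR" lines, names the uMsg values passed to message APIs,
and tags records matching the AutoIt GUI runtime helpers listed above. Rules and watch list
are this example's own heuristics."""
import re
from typing import Dict, List, Optional

# One "APIs" line; args are optional ("GetDesktopWindow.USER32 ref: 007D6F16" has none).
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

WM_USER = 0x0400
# Message IDs occurring in the records above, values from winuser.h / commctrl.h.
MESSAGES = {
    0x0000: "WM_NULL", 0x00B0: "EM_GETSEL", 0x00B1: "EM_SETSEL", 0x00C2: "EM_REPLACESEL",
    0x0172: "STM_SETIMAGE", 0x0233: "WM_DROPFILES",
    WM_USER + 24: "TTM_SETMAXTIPWIDTH", WM_USER + 33: "TTM_SETTITLEW",
    WM_USER + 50: "TTM_ADDTOOLW", WM_USER + 51: "TTM_DELTOOLW",
}
MESSAGE_APIS = {"SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA", "DefDlgProcW"}
# APIs that deserve a closer look in any record (generic triage list, not from the report).
WATCH = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "SetWindowsHookExW",
         "ShellExecuteW", "CreateProcessW", "URLDownloadToFileW", "BlockInput", "GetAsyncKeyState"}


def decode_message(call: Dict) -> Optional[str]:
    """Name the uMsg argument of a message API; None when not applicable or unresolved ('?')."""
    if call["name"] not in MESSAGE_APIS or len(call["args"]) < 2:
        return None
    raw = call["args"][1]
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", raw):
        return None
    return MESSAGES.get(int(raw, 16), f"0x{int(raw, 16):04X}")


def parse_api_lines(text: str) -> List[Dict]:
    """Turn the 'APIs' lines of one record into call dicts, in listing order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
        call = {"name": m["name"], "module": m["module"], "args": args,
                "ref": int(m["ref"], 16), "subcall": m["sub"]}
        call["message"] = decode_message(call)
        calls.append(call)
    return calls


def _names(calls): return {c["name"] for c in calls}
def _msgs(calls): return {c["message"] for c in calls}

# Call patterns of AutoIt GUI runtime helpers, taken from the three records above.
RUNTIME_RULES = {
    "autoit:tooltip-control": lambda c: "TTM_ADDTOOLW" in _msgs(c) and any(
        x["name"] == "CreateWindowExW" and "tooltips_class32" in x["args"] for x in c),
    "autoit:drop-files-handler": lambda c: _names(c) >= {"DragQueryFileW", "DragFinish"}
        and "WM_DROPFILES" in _msgs(c),
    "autoit:popup-menu": lambda c: _names(c) >= {"GetMenuItemCount", "TrackPopupMenuEx"},
}


def triage(record: str) -> Dict:
    """Parse one record and report named messages, runtime tags and watched APIs."""
    calls = parse_api_lines(record)
    return {"calls": calls,
            "messages": [c["message"] for c in calls if c["message"]],
            "tags": [tag for tag, rule in RUNTIME_RULES.items() if rule(calls)],
            "watched": sorted(_names(calls) & WATCH)}


# Constructed sample input: the 'APIs' lines of the tooltip and drop-file records above.
TOOLTIP_RECORD = """\
• DestroyWindow.USER32(00000000,?), ref: 007D6DEB
  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 007D6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007D6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D6E94
• DestroyWindow.USER32(?), ref: 007D6EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00740000,00000000), ref: 007D6EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007D6EFD
• GetDesktopWindow.USER32 ref: 007D6F16
• GetWindowRect.USER32(00000000), ref: 007D6F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007D6F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 007D6F4D
  • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
"""
DROPFILES_RECORD = """\
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• DragQueryPoint.SHELL32(?,?), ref: 007D9147
  • Part of subcall function 007D7674: ClientToScreen.USER32(?,?), ref: 007D769A
  • Part of subcall function 007D7674: GetWindowRect.USER32(?,?), ref: 007D7710
  • Part of subcall function 007D7674: PtInRect.USER32(?,?,007D8B89), ref: 007D7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 007D91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007D91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007D91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 007D9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 007D923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 007D9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 007D9277
• DragFinish.SHELL32(?), ref: 007D927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 007D9371
"""
```

Call `triage()` on the text of one record's APIs block; for the tooltip record it returns the message sequence TTM_DELTOOLW, TTM_ADDTOOLW, TTM_ADDTOOLW, TTM_SETMAXTIPWIDTH, TTM_SETTITLEW and the tag autoit:tooltip-control, for the drop-file record it ends in WM_DROPFILES and is tagged autoit:drop-files-handler, and neither touches a watched API. Arguments the sandbox could not resolve are shown as "?" in the report and are left undecoded rather than guessed. Extend MESSAGES and RUNTIME_RULES as further records are reviewed.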
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 007D8592
• GetFileSize.KERNEL32(00000000,00000000), ref: 007D85A2
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 007D85AD
• CloseHandle.KERNEL32(00000000), ref: 007D85BA
• GlobalLock.KERNEL32(00000000), ref: 007D85C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 007D85D7
• GlobalUnlock.KERNEL32(00000000), ref: 007D85E0
• CloseHandle.KERNEL32(00000000), ref: 007D85E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 007D85F8
• OleLoadPicture.OLEAUT32(?,00000000,00000000,007DFC38,?), ref: 007D8611
• GlobalFree.KERNEL32(00000000), ref: 007D8621
• GetObjectW.GDI32(?,00000018,000000FF), ref: 007D8641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 007D8671
• DeleteObject.GDI32(00000000), ref: 007D8699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007D86AF
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3840717409-0
                                                                                                                                                                                                                                                • Opcode ID: 32fdeed01763198c5cbaa92279a543cded61b52fd262b48667e95bee0db238ac
                                                                                                                                                                                                                                                • Instruction ID: 9f2db606b0048c2ace924a6f9ffbe2118024dacb5006131ed499b21826655149
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32fdeed01763198c5cbaa92279a543cded61b52fd262b48667e95bee0db238ac
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49414C71601209AFDB118FA5DC48EAE7BBCFF89711F10815AF906E7260DB38AD01CB25
APIs
• VariantInit.OLEAUT32(00000000), ref: 007B1502
• VariantCopy.OLEAUT32(?,?), ref: 007B150B
• VariantClear.OLEAUT32(?), ref: 007B1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007B15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 007B1657
• VariantInit.OLEAUT32(?), ref: 007B1708
• SysFreeString.OLEAUT32(?), ref: 007B178C
• VariantClear.OLEAUT32(?), ref: 007B17D8
• VariantClear.OLEAUT32(?), ref: 007B17E7
• VariantInit.OLEAUT32(00000000), ref: 007B1823
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 618f01a9f2a61bbe92d5d974cced84477a64fc78f66000cf96987b08f31894fc
• Instruction ID: ea9fba5ebce09a780581ee598e2109c74265c0632f7bbec92390b3647720ffb4
• Opcode Fuzzy Hash: 618f01a9f2a61bbe92d5d974cced84477a64fc78f66000cf96987b08f31894fc
• Instruction Fuzzy Hash: 2BD10372600215EBDB209F64E8A9BF9B7B5BF44700FD08156F806AB180DB7CEC54DBA1
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
  • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 007CB80A
• RegCloseKey.ADVAPI32(?), ref: 007CB87E
• RegCloseKey.ADVAPI32(?), ref: 007CB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 007CB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007CB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 007CB922
• FreeLibrary.KERNEL32(00000000), ref: 007CB983
• RegCloseKey.ADVAPI32(00000000), ref: 007CB994
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 2851f435ead61ff7832d340dfb8c2281e1f2535cf949b51ea2dc5cc6787f8fb1
• Instruction ID: 4354fd56f9352fff4067ee8457cb8a9bf3f2a008eceec809e809dd6af62731ee
• Opcode Fuzzy Hash: 2851f435ead61ff7832d340dfb8c2281e1f2535cf949b51ea2dc5cc6787f8fb1
• Instruction Fuzzy Hash: 19C17B71205201EFD715DF24C499F2ABBE5BF84308F14859DF59A8B2A2CB3AEC45CB91
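The per-function API listings above are what the report's capability signatures (registry key deletion, dynamic API resolution via LoadLibrary/GetProcAddress, the GDI screen-capture chain in the next entry) are derived from. The following is an added example, not Joe Sandbox code: a small matcher that parses these "• API.MODULE(args), ref: ADDR" lines, groups them per "APIs" heading, and fires a rule when every link of a known chain is present in one function. The rule names and the rule table are my own assumptions; the sample listing is constructed from lines copied from this page's entries and trimmed. Calls marked "Part of subcall function" are parsed but not counted toward a rule, so a capability is attributed to the function that calls the APIs directly.

```python
"""Match capability API chains in Joe Sandbox-style per-function API listings.

Added example for this page, not Joe Sandbox's own signature code. Rule names and
the rule table are assumptions chosen from the API chains in the entries above.
"""
import re
from dataclasses import dataclass, field

# Constructed input: API lines copied from the function entries on this page and
# trimmed to what the rules need. Each "APIs" heading starts a new function.
SAMPLE_LISTING = """\
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 007CB80A
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 007CB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007CB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 007CB922
• FreeLibrary.KERNEL32(00000000), ref: 007CB983
APIs
• GetDC.USER32(00000000), ref: 007C25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007C25E8
• CreateCompatibleDC.GDI32(?), ref: 007C25F4
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007C266D
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007C26D0
• ReleaseDC.USER32(00000000,?), ref: 007C26F3
APIs
• VariantInit.OLEAUT32(00000000), ref: 007B1502
• VariantClear.OLEAUT32(?), ref: 007B1517
"""

# One report line: optional "Part of subcall function XXXX:" prefix, then
# Api.MODULE(args) or Api.MODULE with no argument list, then ", ref: ADDR".
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_ARG = re.compile(r"^[0-9A-Fa-f]{8}$")

# Each rule is a list of alternative sets; every set must be hit by at least one
# directly called API for the rule to fire. Rule names are assumptions.
CAPABILITY_RULES = {
    "dynamic_api_resolution": [
        {"LoadLibraryA", "LoadLibraryW", "GetModuleHandleA", "GetModuleHandleW"},
        {"GetProcAddress"},
    ],
    "registry_delete": [
        {"RegDeleteKeyW", "RegDeleteKeyA", "RegDeleteKeyExW",
         "RegDeleteValueW", "RegDeleteValueA"},
    ],
    "screen_capture": [
        {"GetDC"}, {"CreateCompatibleBitmap"}, {"BitBlt", "StretchBlt"}, {"GetDIBits"},
    ],
    "picture_from_memory_stream": [{"CreateStreamOnHGlobal"}, {"OleLoadPicture"}],
}


@dataclass
class FunctionApis:
    """All parsed calls of one function: (api, module, args, ref, direct)."""
    calls: list = field(default_factory=list)

    @property
    def direct_names(self):
        return {api for api, _m, _a, _r, direct in self.calls if direct}

    @property
    def resolved(self):
        """Names passed to GetProcAddress, i.e. APIs resolved at run time."""
        out = []
        for api, _m, args, _r, _d in self.calls:
            if api != "GetProcAddress":
                continue
            parts = [p.strip() for p in args.split(",")]
            if len(parts) == 2 and parts[1] not in ("", "?") and not HEX_ARG.match(parts[1]):
                out.append(parts[1])
        return out

    def capabilities(self):
        names = self.direct_names
        return sorted(rule for rule, groups in CAPABILITY_RULES.items()
                      if all(names & group for group in groups))


def parse_listing(text):
    """Split a report excerpt into functions, one per 'APIs' heading."""
    funcs, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionApis()
            funcs.append(current)
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            current.calls.append((m["api"], m["module"], m["args"] or "",
                                  m["ref"], m["sub"] is None))
    return funcs


def analyze(text):
    """Return [(index, capabilities, run-time-resolved names)] per function."""
    return [(i, f.capabilities(), f.resolved) for i, f in enumerate(parse_listing(text))]


if __name__ == "__main__":
    for idx, caps, res in analyze(SAMPLE_LISTING):
        print(f"function {idx}: capabilities={caps} resolved={res}")
```

The rules deliberately require the whole chain (for screen capture: a screen DC, a compatible bitmap, a blit, and GetDIBits to pull the pixels out), because a single GDI or registry call says nothing by itself; the GetProcAddress name extraction is what lets the matcher see the RegDeleteKeyExW fallback that the import table would hide.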
APIs
• GetDC.USER32(00000000), ref: 007C25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007C25E8
• CreateCompatibleDC.GDI32(?), ref: 007C25F4
• SelectObject.GDI32(00000000,?), ref: 007C2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007C266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007C26AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007C26D0
• SelectObject.GDI32(?,?), ref: 007C26D8
• DeleteObject.GDI32(?), ref: 007C26E1
• DeleteDC.GDI32(?), ref: 007C26E8
• ReleaseDC.USER32(00000000,?), ref: 007C26F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
                                                                                                                                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                • Opcode ID: 5ce7944ba83f266e834b5b35cf6e8145cd55cb0d15c76a3f50c4c8ad9268f230
                                                                                                                                                                                                                                                • Instruction ID: 952aa884b8784810ccec9cceac03975ff9ce6b6872c5d8e3e1c4936b0be633b1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ce7944ba83f266e834b5b35cf6e8145cd55cb0d15c76a3f50c4c8ad9268f230
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF61E1B5D0021AEFCB05CFA8D884EAEBBB5FF48310F20852EE955A7251D774A941CF64
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 0077DAA1
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D659
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D66B
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D67D
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D68F
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6A1
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6B3
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6C5
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6D7
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6E9
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D6FB
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D70D
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D71F
                                                                                                                                                                                                                                                  • Part of subcall function 0077D63C: _free.LIBCMT ref: 0077D731
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DA96
                                                                                                                                                                                                                                                  • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                                                                                                                                                                                                  • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DAB8
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DACD
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DAD8
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DAFA
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB0D
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB1B
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB26
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB5E
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB65
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB82
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077DB9A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                                                                                                • Opcode ID: 32cca78672ac480629a2b121d9556a9190482fe1a97df2017637db8b82c34edb
                                                                                                                                                                                                                                                • Instruction ID: b4e537cbdfdab0cdcdf0969f08a0e303c9b3c42cf8fabeccf8bc25fb55c9e653
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32cca78672ac480629a2b121d9556a9190482fe1a97df2017637db8b82c34edb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50314871604305DFEF31AA78E849B5AB7E8FF00390F15C429E55CE71A2DA38BC818B60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 007A369C
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007A36A7
                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 007A3797
                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 007A380C
                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 007A385D
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 007A3882
                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 007A38A0
                                                                                                                                                                                                                                                • ScreenToClient.USER32(00000000), ref: 007A38A7
                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 007A3921
                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 007A395D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                • String ID: %s%u
                                                                                                                                                                                                                                                • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                • Opcode ID: 3c79ae8ee9b07f32fcd7ff02147d77c946182d2102d22f410eb0ca658508ea68
                                                                                                                                                                                                                                                • Instruction ID: 6cb7cef989499c3a3e20fafd35d7c6f008787f8b0cb6f094638aac1e87022972
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c79ae8ee9b07f32fcd7ff02147d77c946182d2102d22f410eb0ca658508ea68
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F291C371204706EFD719DF24C885BAAF7A8FF85354F008729F999C2190DB38EA55CBA1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 007A4994
                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 007A49DA
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007A49EB
                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 007A49F7
                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 007A4A2C
                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 007A4A64
                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 007A4A9D
                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 007A4AE6
                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 007A4B20
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 007A4B8B
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: cab0bcaee1b19d796aace2ddd9cc22467d9643846633fadd16754ebc01cf64cb
• Instruction ID: 3cfb66e9858f06fc925d321e1a76124114bbefc65e458cb7fb878df613989337
• Opcode Fuzzy Hash: cab0bcaee1b19d796aace2ddd9cc22467d9643846633fadd16754ebc01cf64cb
• Instruction Fuzzy Hash: CC91BF71004205DFDB04CF14C985BAAB7E8FFC5314F04866AFD869A096DB7AED45CBA1
APIs
• GetMenuItemInfoW.USER32(00811990,000000FF,00000000,00000030), ref: 007ABFAC
• SetMenuItemInfoW.USER32(00811990,00000004,00000000,00000030), ref: 007ABFE1
• Sleep.KERNEL32(000001F4), ref: 007ABFF3
• GetMenuItemCount.USER32(?), ref: 007AC039
• GetMenuItemID.USER32(?,00000000), ref: 007AC056
• GetMenuItemID.USER32(?,-00000001), ref: 007AC082
• GetMenuItemID.USER32(?,?), ref: 007AC0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007AC10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007AC124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007AC145
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 8c9aa563490eb3d0f7782d498765ac370c3b13c133e96d366c70eea0e71d16b0
• Instruction ID: 93e5ba9c400db59dbf6c8470a4621fa59a66c725c80bb8e04c52ed77fc685bc6
• Opcode Fuzzy Hash: 8c9aa563490eb3d0f7782d498765ac370c3b13c133e96d366c70eea0e71d16b0
• Instruction Fuzzy Hash: 5B6172B0A0024AFFDF12CF64DD88AAE7BB8EB86344F144255F911A3251D739AD14CB60
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007CCC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 007CCC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007CCD48
  • Part of subcall function 007CCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 007CCCAA
  • Part of subcall function 007CCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 007CCCBD
  • Part of subcall function 007CCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007CCCCF
  • Part of subcall function 007CCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007CCD05
  • Part of subcall function 007CCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007CCD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 007CCCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: 3fa6533ceae46525e02b6cacdedf189946729bcac5ba7f6336ec5076409bd94a
• Instruction ID: 8db3bc025c18e02cd40d561a8a647b2a4d13a7e44125dc1babe168700a9724bf
• Opcode Fuzzy Hash: 3fa6533ceae46525e02b6cacdedf189946729bcac5ba7f6336ec5076409bd94a
• Instruction Fuzzy Hash: 75318571A01129BBDB228B50DC88EFFBB7CEF15740F00416DF90AE6140DB389A45DAB4
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007B3D40
• _wcslen.LIBCMT ref: 007B3D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 007B3D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 007B3DBE
• RemoveDirectoryW.KERNEL32(?), ref: 007B3DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 007B3E55
• CloseHandle.KERNEL32(00000000), ref: 007B3E60
• CloseHandle.KERNEL32(00000000), ref: 007B3E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: f90452e331d092f9426934b821dcd2390627ad3f83b277beff498bb9d119e404
• Instruction ID: 184a6c36987ac23a843bf6708784de8226557384ed3af958dc77f2b3da8745ac
• Opcode Fuzzy Hash: f90452e331d092f9426934b821dcd2390627ad3f83b277beff498bb9d119e404
• Instruction Fuzzy Hash: B7319475A4021AABDB219BA0DC49FEF37BCEF89700F5041B6F505D6160EB789784CB64
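The function record above (GetFullPathNameW, CreateDirectoryW, CreateFileW with dwDesiredAccess 0x40000000 = GENERIC_WRITE, dwCreationDisposition 3 = OPEN_EXISTING and dwFlagsAndAttributes 0x02200000, DeviceIoControl with control code 0x000900A4, the "\??\%s" format string and RemoveDirectoryW on the failure path) is the standard Win32 sequence for creating an NTFS junction: make an empty directory, open it with FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, and set an IO_REPARSE_TAG_MOUNT_POINT reparse point with FSCTL_SET_REPARSE_POINT. That is a capability worth noting in an AutoIt-compiled sample, since junctions are a common primitive for file-system redirection and privilege-escalation tricks. The Python below is an added example and is not code from the report or from the analysed sample: it decodes the two raw constants the report shows and builds and parses the REPARSE_DATA_BUFFER such a DeviceIoControl call must carry, entirely offline (no reparse point is created; the target path is a constructed placeholder, not anything recovered from the sample).

```python
"""Added example (not from the Joe Sandbox report or the analysed sample):
decode the constants seen in the junction-creating function and build/parse
the REPARSE_DATA_BUFFER that FSCTL_SET_REPARSE_POINT expects."""
import struct

# Windows SDK constants (winioctl.h / winnt.h / winbase.h), copied here so the
# script runs on any platform without ctypes or a Windows box.
FILE_DEVICE_FILE_SYSTEM = 0x00000009
METHOD_BUFFERED = 0
FILE_SPECIAL_ACCESS = 0
IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003
REPARSE_DATA_BUFFER_HEADER_SIZE = 8          # ReparseTag + ReparseDataLength + Reserved
MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 16 * 1024
CREATE_FILE_FLAGS = {
    0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",    # required to open a directory handle
    0x00200000: "FILE_FLAG_OPEN_REPARSE_POINT",  # operate on the link itself, not its target
}


def ctl_code(device_type, function, method, access):
    """CTL_CODE macro from winioctl.h."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


FSCTL_SET_REPARSE_POINT = ctl_code(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)


def decode_ctl_code(code):
    """Split a DeviceIoControl code into its CTL_CODE fields (inverse of ctl_code)."""
    return {
        "device_type": code >> 16,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": code & 0x3,
    }


def decode_create_flags(flags):
    """Names of the known dwFlagsAndAttributes bits set in a CreateFileW call."""
    return [name for bit, name in sorted(CREATE_FILE_FLAGS.items()) if flags & bit]


def nt_path(win_path):
    """Apply the report's "\\??\\%s" format: junction targets are stored as NT object paths."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path


def build_mount_point_reparse_buffer(target):
    """Serialise a REPARSE_DATA_BUFFER whose body is a MountPointReparseBuffer."""
    substitute = nt_path(target).encode("utf-16-le")
    print_name = target.encode("utf-16-le")
    # PathBuffer holds the substitute name and the print name, each NUL-terminated.
    path_buffer = substitute + b"\x00\x00" + print_name + b"\x00\x00"
    # SubstituteNameOffset, SubstituteNameLength, PrintNameOffset, PrintNameLength (bytes)
    body = struct.pack("<HHHH", 0, len(substitute), len(substitute) + 2, len(print_name)) + path_buffer
    header = struct.pack("<IHH", IO_REPARSE_TAG_MOUNT_POINT, len(body), 0)
    buf = header + body
    if len(buf) > MAXIMUM_REPARSE_DATA_BUFFER_SIZE:
        raise ValueError("reparse buffer exceeds MAXIMUM_REPARSE_DATA_BUFFER_SIZE")
    return buf


def parse_mount_point_reparse_buffer(buf):
    """Inverse of build_mount_point_reparse_buffer; returns (substitute_name, print_name)."""
    tag, data_len, _reserved = struct.unpack_from("<IHH", buf, 0)
    if tag != IO_REPARSE_TAG_MOUNT_POINT:
        raise ValueError("not a mount-point reparse buffer: tag 0x%08X" % tag)
    if len(buf) != REPARSE_DATA_BUFFER_HEADER_SIZE + data_len:
        raise ValueError("ReparseDataLength does not match buffer size")
    sub_off, sub_len, prn_off, prn_len = struct.unpack_from("<HHHH", buf, REPARSE_DATA_BUFFER_HEADER_SIZE)
    path_buffer = buf[REPARSE_DATA_BUFFER_HEADER_SIZE + 8:]
    if sub_off + sub_len > len(path_buffer) or prn_off + prn_len > len(path_buffer):
        raise ValueError("name offsets point outside PathBuffer")
    substitute = path_buffer[sub_off:sub_off + sub_len].decode("utf-16-le")
    print_name = path_buffer[prn_off:prn_off + prn_len].decode("utf-16-le")
    return substitute, print_name


if __name__ == "__main__":
    print("DeviceIoControl code 0x000900A4 ->", decode_ctl_code(0x000900A4))
    print("CreateFileW flags 0x02200000 ->", decode_create_flags(0x02200000))
    # Constructed placeholder target; the sample's real junction target is not visible in the report.
    buf = build_mount_point_reparse_buffer("C:\\Users\\Public\\target")
    print("reparse buffer (%d bytes):" % len(buf), buf.hex())
    print("parsed back ->", parse_mount_point_reparse_buffer(buf))
```

Decoding 0x000900A4 gives device type 9 (FILE_DEVICE_FILE_SYSTEM), function 41, METHOD_BUFFERED, which is exactly FSCTL_SET_REPARSE_POINT; 0x02200000 is the backup-semantics plus open-reparse-point pair needed to write a reparse point onto a directory. When triaging a sample, the same parser can be pointed at the lpInBuffer bytes captured from the DeviceIoControl call to recover the junction target, which the static API listing alone does not reveal.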
APIs
• timeGetTime.WINMM ref: 007AE6B4
  • Part of subcall function 0075E551: timeGetTime.WINMM(?,?,007AE6D4), ref: 0075E555
• Sleep.KERNEL32(0000000A), ref: 007AE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 007AE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 007AE727
• SetActiveWindow.USER32 ref: 007AE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 007AE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 007AE773
• Sleep.KERNEL32(000000FA), ref: 007AE77E
• IsWindow.USER32 ref: 007AE78A
• EndDialog.USER32(00000000), ref: 007AE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                                                • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                • Opcode ID: 58cc93873a86dcc4ff7ad45ccf4cdd1812ec6c233eace6fffceb3a552198cf18
                                                                                                                                                                                                                                                • Instruction ID: 46ce6045e1faff55f35d96f1aade233a415c184f9a111f053057981460c7b4e5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58cc93873a86dcc4ff7ad45ccf4cdd1812ec6c233eace6fffceb3a552198cf18
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 322154B1201205AFEB019F60EC8DB653B7DFBE6749F108526F515821E1DB7DAC20CB29
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 007AEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 007AEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007AEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 007AEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 007AEAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 91182f3da4555b464c8b47ef52487f15c3c112d4deadf748ea9cb6e6ea1c8cfb
• Instruction ID: 17f4d057d70f0191283f2be960cfa8df1614a715c308a4166ffeff3427682537
• Opcode Fuzzy Hash: 91182f3da4555b464c8b47ef52487f15c3c112d4deadf748ea9cb6e6ea1c8cfb
• Instruction Fuzzy Hash: AA115131A90259B9E720A7A5DC4AEFF6ABCFFD2B00F0445297411E21D1EB781925C5B0
APIs
• GetKeyboardState.USER32(?), ref: 007AA012
• SetKeyboardState.USER32(?), ref: 007AA07D
• GetAsyncKeyState.USER32(000000A0), ref: 007AA09D
• GetKeyState.USER32(000000A0), ref: 007AA0B4
• GetAsyncKeyState.USER32(000000A1), ref: 007AA0E3
• GetKeyState.USER32(000000A1), ref: 007AA0F4
• GetAsyncKeyState.USER32(00000011), ref: 007AA120
• GetKeyState.USER32(00000011), ref: 007AA12E
• GetAsyncKeyState.USER32(00000012), ref: 007AA157
• GetKeyState.USER32(00000012), ref: 007AA165
• GetAsyncKeyState.USER32(0000005B), ref: 007AA18E
• GetKeyState.USER32(0000005B), ref: 007AA19C
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: cc4abc043c9f2af5b2d5974b510d74a284637150002081e87c3136932ad41baf
• Instruction ID: 629751b56888bef0d3c802e815b5c398f88fcd09df882def9c8b0ffa643c08a9
• Opcode Fuzzy Hash: cc4abc043c9f2af5b2d5974b510d74a284637150002081e87c3136932ad41baf
• Instruction Fuzzy Hash: 8A51CA2190578879FB35DB608415BEBBFB49F53340F08879AD5C2571C2EB5C9A4CC762
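The two blocks above that matter most for triage are the window-closing sequence (FindWindowExW for a BUTTON, SendMessageW with 000000F5 and 00000010, Sleep 000000FA, EndDialog) and the key-state block (GetAsyncKeyState/GetKeyState with 000000A0, 000000A1, 00000011, 00000012, 0000005B bracketed by GetKeyboardState/SetKeyboardState). The plugin prints raw hex, so the reader has to know that 0xF5 is BM_CLICK, 0x10 is WM_CLOSE, 0xFA is 250 ms, and the five key codes are the left/right Shift, Ctrl, Alt and left Win virtual keys. The following Python is an added editor's example, not part of the Joe Sandbox report and not code from the sample: it parses the plugin's bullet lines into structured calls, names those Win32 constants (values from winuser.h), and summarises which keys a block polls. The "modifiers only" heuristic is this editor's reading, not a Joe Sandbox signature: a block that polls only modifier keys while saving and restoring the keyboard state looks like code preparing to synthesise input rather than a keystroke logger, which polls the printable range in a loop. One further caveat the report supports (it says the binary is likely a compiled AutoIt script): an AutoIt-compiled executable embeds the interpreter's runtime, so generic blocks like these may belong to the runtime rather than to the script's own logic, and the analyst should confirm which before counting them as capability. The sample listings inside the block are copied from the report lines above.

```python
"""Parse a Joe Sandbox IDA-plugin 'APIs' listing and name the Win32 constants
that tell an analyst what a block does. Editor's example; offline, no sample needed."""
import re
from dataclasses import dataclass

# Bullet lines as the plugin renders them, e.g.
#   • GetAsyncKeyState.USER32(000000A0), ref: 007AA09D
#   • SetActiveWindow.USER32 ref: 007AE746                      (no argument list)
#   • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Constant tables from winuser.h; only the values relevant to these blocks.
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL",
    0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU",
}
WM_NAMES = {0x0C: "WM_SETTEXT", 0x0D: "WM_GETTEXT", 0x10: "WM_CLOSE",
            0x12: "WM_QUIT", 0xF5: "BM_CLICK"}
KEY_STATE_APIS = {"GetAsyncKeyState", "GetKeyState"}
MESSAGE_APIS = {"SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA"}


@dataclass
class Call:
    api: str
    module: str
    args: list       # raw argument strings; '?' means the plugin could not recover it
    ref: int         # address of the call site
    subcall: bool    # True for "Part of subcall function ..." lines
    decoded: list    # names attached by decode()


def parse_hex(tok):
    """Integer value of a plugin argument, or None for '?', symbols and strings."""
    m = re.fullmatch(r"(-?)([0-9A-Fa-f]{1,8})", tok.strip())
    if not m:
        return None
    val = int(m.group(2), 16)
    return -val if m.group(1) else val


def parse_listing(text):
    """Turn the bullet lines of one function block into Call objects."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # section headers, hashes, memory-dump lines
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append(Call(m["api"], m["module"], args, int(m["ref"], 16),
                          m["sub"] is not None, []))
    return calls


def decode(calls):
    """Attach human-readable names for the constants worth knowing in triage."""
    for c in calls:
        vals = [parse_hex(a) for a in c.args]
        if c.api in KEY_STATE_APIS and vals and vals[0] in VK_NAMES:
            c.decoded.append(VK_NAMES[vals[0]])
        elif c.api in MESSAGE_APIS:
            # The plugin drops arguments it could not recover, so the message is not
            # always at index 1 (the report shows a 4- and a 3-argument SendMessageW);
            # report every argument that is a known message value instead.
            c.decoded.extend(WM_NAMES[v] for v in vals if v in WM_NAMES)
        elif c.api == "Sleep" and vals and vals[0] is not None:
            c.decoded.append(f"{vals[0]} ms")
    return calls


def key_state_summary(calls):
    """Which keys a block polls and whether it is only modifier state.

    Analyst heuristic (editor's, not a sandbox signature): polling only
    Shift/Ctrl/Alt/Win between GetKeyboardState and SetKeyboardState is the shape
    of code that saves and restores modifier state around synthesised input; a
    keystroke logger polls the printable range in a loop.
    """
    polled = sorted({parse_hex(c.args[0]) for c in calls
                     if c.api in KEY_STATE_APIS and c.args
                     and parse_hex(c.args[0]) is not None})
    apis = {c.api for c in calls}
    return {
        "keys": [VK_NAMES.get(v, f"0x{v:02X}") for v in polled],
        "modifiers_only": bool(polled) and all(v in VK_NAMES for v in polled),
        "brackets_keyboard_state": {"GetKeyboardState", "SetKeyboardState"} <= apis,
    }


# Sample input copied from the report's function blocks (constructed test data).
WINDOW_BLOCK = """\
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 007AE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 007AE727
• SetActiveWindow.USER32 ref: 007AE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 007AE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 007AE773
• Sleep.KERNEL32(000000FA), ref: 007AE77E
• IsWindow.USER32 ref: 007AE78A
• EndDialog.USER32(00000000), ref: 007AE79B
"""
KEY_BLOCK = """\
• GetKeyboardState.USER32(?), ref: 007AA012
• SetKeyboardState.USER32(?), ref: 007AA07D
• GetAsyncKeyState.USER32(000000A0), ref: 007AA09D
• GetKeyState.USER32(000000A0), ref: 007AA0B4
• GetAsyncKeyState.USER32(000000A1), ref: 007AA0E3
• GetKeyState.USER32(000000A1), ref: 007AA0F4
• GetAsyncKeyState.USER32(00000011), ref: 007AA120
• GetKeyState.USER32(00000011), ref: 007AA12E
• GetAsyncKeyState.USER32(00000012), ref: 007AA157
• GetKeyState.USER32(00000012), ref: 007AA165
• GetAsyncKeyState.USER32(0000005B), ref: 007AA18E
• GetKeyState.USER32(0000005B), ref: 007AA19C
"""

if __name__ == "__main__":
    for c in decode(parse_listing(WINDOW_BLOCK)):
        print(f"{c.ref:08X} {c.api:<18} {c.args} {c.decoded}")
    print(key_state_summary(parse_listing(KEY_BLOCK)))
```

Feeding the whole report's function listing through parse_listing and decode gives one table per block with the messages, key names and sleep intervals spelled out, which is faster to read than the raw hex and makes the difference between "polls five modifier keys once" and "polls every key in a loop" visible at a glance.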
APIs
• GetDlgItem.USER32(?,00000001), ref: 007A5CE2
• GetWindowRect.USER32(00000000,?), ref: 007A5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 007A5D59
• GetDlgItem.USER32(?,00000002), ref: 007A5D69
• GetWindowRect.USER32(00000000,?), ref: 007A5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 007A5DCF
• GetDlgItem.USER32(?,000003E9), ref: 007A5DDD
• GetWindowRect.USER32(00000000,?), ref: 007A5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 007A5E31
• GetDlgItem.USER32(?,000003EA), ref: 007A5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 007A5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 007A5E67
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 3a44dcd3322449cb0ec32278c0900f3b2ce5c4ecfad4a6145f7c3c053307485a
• Instruction ID: 0e5269e8c910ce3ea294d74baa7976b94d0570a516843730b0e99b7d8bf5abf1
• Opcode Fuzzy Hash: 3a44dcd3322449cb0ec32278c0900f3b2ce5c4ecfad4a6145f7c3c053307485a
• Instruction Fuzzy Hash: D3510EB1B00606AFDF19CF68DD89AAEBBB5FB89310F148229F515E7290D7749E04CB50
APIs
  • Part of subcall function 00758F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00758BE8,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 00758FC5
• DestroyWindow.USER32(?), ref: 00758C81
• KillTimer.USER32(00000000,?,?,?,?,00758BBA,00000000,?), ref: 00758D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00796973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 007969A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00758BBA,00000000,?), ref: 007969B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00758BBA,00000000), ref: 007969D4
                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 007969E6
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 641708696-0
                                                                                                                                                                                                                                                • Opcode ID: 44c8add2670d7215c2f5a22202aab5c647f8c3d6ef106c5aa3c09022e632d580
                                                                                                                                                                                                                                                • Instruction ID: 6aa9455b0e246d1b01d1b9959b8922c9f73b9d116a52b550edab426a7bb219ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44c8add2670d7215c2f5a22202aab5c647f8c3d6ef106c5aa3c09022e632d580
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C861AF30502701DFCF629F14D948BA5BBF1FF40322F14865DE542AA660CBB9AC84CF65
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00759944: GetWindowLongW.USER32(?,000000EB), ref: 00759952
                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00759862
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ColorLongWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 259745315-0
                                                                                                                                                                                                                                                • Opcode ID: b6bc442c8055250f81e4459d2f33dcc8e757faaa6da09edb063a32d935a61db3
                                                                                                                                                                                                                                                • Instruction ID: b8c18aeae82c04f0ee85dd91ec92cd954bc2ef783ae8da257ae73e4b421a5bce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6bc442c8055250f81e4459d2f33dcc8e757faaa6da09edb063a32d935a61db3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D741B131105654DFDF215F389C88BF93BA5AB06332F148606FEA28B2E1D779AC46DB10
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .v
                                                                                                                                                                                                                                                • API String ID: 0-281053895
                                                                                                                                                                                                                                                • Opcode ID: 3797eaf5e90d91cf5cdb808634ae2d70cd566e0a23dabeac6cfa3cdc8b8680d2
                                                                                                                                                                                                                                                • Instruction ID: d43defa46c7ffd539ff15311b80f6bf3774a148610201d2f618cd4b7b7802230
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3797eaf5e90d91cf5cdb808634ae2d70cd566e0a23dabeac6cfa3cdc8b8680d2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08C1067490524AEFCF11DFA8D849BEDBBB4BF09350F048059E919A7392C7789941CF62
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0078F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 007A9717
                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,0078F7F8,00000001), ref: 007A9720
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0078F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 007A9742
                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,0078F7F8,00000001), ref: 007A9745
                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 007A9866
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                • Opcode ID: 108d03fca86c571443fb78da3c2e224ed42b02bca32d60389794a21630070a7a
                                                                                                                                                                                                                                                • Instruction ID: 820d2e19a2ccb07b4c2d085a0cefceb722b88264ca4f5e909e395710cfab4abc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 108d03fca86c571443fb78da3c2e224ed42b02bca32d60389794a21630070a7a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03412C72800219EADF04EBE0DD8ADEEB778AF55340F500125F605B2192EB3D6F58CB61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                                                                                                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 007A07A2
                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007A07BE
                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 007A07DA
                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 007A0804
                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 007A082C
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 007A0837
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 007A083C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                • Opcode ID: f47036bb0225239719d9c7d9d3b12c3e8c0af43a53aa6cc25edf79fc3892931d
                                                                                                                                                                                                                                                • Instruction ID: 2268fe1bc904a802ee2f91267c45080e15dd943c69052d0ecc920c21dc16a07d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f47036bb0225239719d9c7d9d3b12c3e8c0af43a53aa6cc25edf79fc3892931d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5941F772C10229EBDF15EFA4DC998EEB778FF44350F144529E915A31A1EB389E04CBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 007D403B
                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 007D4042
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 007D4055
                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 007D405D
                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 007D4068
                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 007D4072
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 007D407C
                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 007D4092
                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 007D409E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                • Opcode ID: ca66b3252875f68161ed4370c06e78cbba8c452ea0c6a736739d2c8d1c82854a
                                                                                                                                                                                                                                                • Instruction ID: 4f548a45ea48b7453efcfd1866209e09424c56346c1fa12bfd88f20ee7b4c600
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca66b3252875f68161ed4370c06e78cbba8c452ea0c6a736739d2c8d1c82854a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48315C7250121AABDF229FA4DC09FDA3B78EF0D320F114252FA15A61A0D779D820DB64
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 007C3C5C
                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 007C3C8A
                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 007C3C94
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007C3D2D
                                                                                                                                                                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 007C3DB1
                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 007C3ED5
                                                                                                                                                                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 007C3F0E
                                                                                                                                                                                                                                                • CoGetObject.OLE32(?,00000000,007DFB98,?), ref: 007C3F2D
                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 007C3F40
                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 007C3FC4
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 007C3FD8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 429561992-0
                                                                                                                                                                                                                                                • Opcode ID: 964954f3363311531400ab441381e534cabcbc4658c86649de40b6240f4e122d
                                                                                                                                                                                                                                                • Instruction ID: cc342bfad01c82448e478bde567871b0d51b0025f3063b6e75e11b44aa32928b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 964954f3363311531400ab441381e534cabcbc4658c86649de40b6240f4e122d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50C112B16082059FD700DF68C884E2BBBE9FF89748F14891DF98A9B251D735EE05CB52
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 007B7AF3
                                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 007B7B8F
                                                                                                                                                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 007B7BA3
                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(007DFD08,00000000,00000001,00806E6C,?), ref: 007B7BEF
                                                                                                                                                                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 007B7C74
                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 007B7CCC
                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 007B7D57
                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 007B7D7A
                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 007B7D81
                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 007B7DD6
                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 007B7DDC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2762341140-0
                                                                                                                                                                                                                                                • Opcode ID: f0c3921ccda33c79b7cb0930b2912aa4494c4216b3e2e68e7b7e478c0ca6d3a7
                                                                                                                                                                                                                                                • Instruction ID: 13ae68e0b79a2903aa745cf56b291c1961d66c723aba113f52bf393da73b0867
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0c3921ccda33c79b7cb0930b2912aa4494c4216b3e2e68e7b7e478c0ca6d3a7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BAC12A75A04109EFCB14DFA4C898EAEBBB9FF48304B148499E91ADB361D734ED45CB90
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 007D5504
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D5515
                                                                                                                                                                                                                                                • CharNextW.USER32(00000158), ref: 007D5544
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 007D5585
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 007D559B
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D55AC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1350042424-0
                                                                                                                                                                                                                                                • Opcode ID: 948b0ad72a5ed3122df4a2b0f70a21aee5bab0169565b094a4483b11290c157b
                                                                                                                                                                                                                                                • Instruction ID: c422f85ebfc121b5e6b5bf63e4b1f48930476f3a1fa192465bddbd4af8847c5c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 948b0ad72a5ed3122df4a2b0f70a21aee5bab0169565b094a4483b11290c157b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8617C30901609EFDF119F54CC84EFE7BB9EF09760F14814AF925A6390D7789A80DB61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0079FAAF
                                                                                                                                                                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 0079FB08
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0079FB1A
                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 0079FB3A
                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0079FB8D
                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 0079FBA1
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0079FBB6
                                                                                                                                                                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 0079FBC3
                                                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0079FBCC
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0079FBDE
                                                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0079FBE9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2706829360-0
                                                                                                                                                                                                                                                • Opcode ID: 090e9f9becd9006f89bb67b6348af27867788b6e1ffe39247206f0d5d576a11d
                                                                                                                                                                                                                                                • Instruction ID: 1c1ae583857dde14b92dcb45b5ffd22c9a102be115c4461c01460a4cdbc53b3c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 090e9f9becd9006f89bb67b6348af27867788b6e1ffe39247206f0d5d576a11d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E415F75A0021ADFCF01DF68D8589AEBBB9EF08354F00C069E945E7261CB38A945CBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 007A9CA1
                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 007A9D22
                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 007A9D3D
                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 007A9D57
                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 007A9D6C
                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 007A9D84
                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 007A9D96
                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 007A9DAE
                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 007A9DC0
                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 007A9DD8
                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 007A9DEA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                                                • Opcode ID: 1d34ceddeb8751aa7ceb54a9681a8f85dada0f12c21b85dab1d56df7192797b9
                                                                                                                                                                                                                                                • Instruction ID: c182027c1fc281cb0d222429692d05dae8da5ba868f4951962110e8f5e0545c0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d34ceddeb8751aa7ceb54a9681a8f85dada0f12c21b85dab1d56df7192797b9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5241D934604BCA69FF31867084443B5BEB06F93354F04825AD7C6565C2E7AC99E4C7A2
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 007C05BC
                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?), ref: 007C061C
                                                                                                                                                                                                                                                • gethostbyname.WSOCK32(?), ref: 007C0628
                                                                                                                                                                                                                                                • IcmpCreateFile.IPHLPAPI ref: 007C0636
                                                                                                                                                                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007C06C6
                                                                                                                                                                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007C06E5
                                                                                                                                                                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 007C07B9
                                                                                                                                                                                                                                                • WSACleanup.WSOCK32 ref: 007C07BF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                • String ID: Ping
                                                                                                                                                                                                                                                • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                • Opcode ID: 611e2aae14cb841e34c0f2963ce1e7e81cf118f0cfbbfb360f4ef34c40ca5fba
                                                                                                                                                                                                                                                • Instruction ID: e14757f2c1d51b8bb833b0015ee3313f756df1f50fa3c76a6610495152c2c9b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 611e2aae14cb841e34c0f2963ce1e7e81cf118f0cfbbfb360f4ef34c40ca5fba
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE918B75608201DFD724CF19C889F1ABBE0AF48318F1485ADE4699B6A2C738ED45CFD1
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
APIs
• CoInitialize.OLE32 ref: 007C3774
• CoUninitialize.OLE32 ref: 007C377F
• CoCreateInstance.OLE32(?,00000000,00000017,007DFB78,?), ref: 007C37D9
• IIDFromString.OLE32(?,?), ref: 007C384C
• VariantInit.OLEAUT32(?), ref: 007C38E4
• VariantClear.OLEAUT32(?), ref: 007C3936
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 007B33CF
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007B33F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
APIs
• SetErrorMode.KERNEL32(00000001), ref: 007B53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 007B5416
• GetLastError.KERNEL32 ref: 007B5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 007B54A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateMenu.USER32 ref: 007D3C79
                                                                                                                                                                                                                                                • SetMenu.USER32(?,00000000), ref: 007D3C88
                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007D3D10
                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 007D3D24
                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 007D3D2E
                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007D3D5B
                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 007D3D63
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                • String ID: 0$F
                                                                                                                                                                                                                                                • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                • Opcode ID: b30af45d6a44990371e43cf33e4ed880dd762769d5ab48b2d38e7cb09e0c4bea
                                                                                                                                                                                                                                                • Instruction ID: 4ca12418efdd1716c5d9edecf076dbc996302de98401d6b20bb1560d4f0f21e3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b30af45d6a44990371e43cf33e4ed880dd762769d5ab48b2d38e7cb09e0c4bea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0418DB5A0120AEFDF14CF64E844ADA7BB6FF49310F24402AF94697360D734AA10CF55
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 007A1F64
• GetDlgCtrlID.USER32 ref: 007A1F6F
• GetParent.USER32 ref: 007A1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007A1F8E
• GetDlgCtrlID.USER32(?), ref: 007A1F97
• GetParent.USER32(?), ref: 007A1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007A1FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: aa85e21cbd7ade1cc69e284fda04a904bc082e73ce835c575f91829bbb94be06
• Instruction ID: 0c764a10ef4939e0d8b3e49696961debe5bc9e25414300bc5b8f7b36045ca65e
• Opcode Fuzzy Hash: aa85e21cbd7ade1cc69e284fda04a904bc082e73ce835c575f91829bbb94be06
• Instruction Fuzzy Hash: BC21AF74901214AFDF05AFA0DC899EEBBB8EF46310F404296B961A72D1CB3C9904DB64
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 007A2043
• GetDlgCtrlID.USER32 ref: 007A204E
• GetParent.USER32 ref: 007A206A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007A206D
• GetDlgCtrlID.USER32(?), ref: 007A2076
• GetParent.USER32(?), ref: 007A208A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 007A208D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 39d5b472ea0789a86f622775538c6d46bd79b08eed2fbacc9590cc8a0dd9ee28
• Instruction ID: 51c5601ac07e054191b4aba0c122333255e21fc651a7e278e30e6a27f40bf313
• Opcode Fuzzy Hash: 39d5b472ea0789a86f622775538c6d46bd79b08eed2fbacc9590cc8a0dd9ee28
• Instruction Fuzzy Hash: F521BE75900214BBCF11AFA4CC89AEFBBB8EF06300F104546B961A72A2CB7D9915DB60
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 007D3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 007D3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 007D3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 007D3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007D3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 007D3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 007D3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 007D3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 007D3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 007D3C13
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: eb6c2110d1c834c363182c93d93793ebd36cd1468dab4116ffe95a4155639b36
• Instruction ID: 00e0ae36394d927cda80a6486ae9502e498c3a393c00eafc94eea87e8c98967c
• Opcode Fuzzy Hash: eb6c2110d1c834c363182c93d93793ebd36cd1468dab4116ffe95a4155639b36
• Instruction Fuzzy Hash: 8C615B75900248AFDB10DFA8CC85EEE77B8EF09710F10419AFA15A7391D778AA45DB60
APIs
• GetCurrentThreadId.KERNEL32 ref: 007AB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB165
• GetWindowThreadProcessId.USER32(00000000), ref: 007AB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 007AB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,007AA1E1,?,00000001), ref: 007AB21D
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
APIs
• _free.LIBCMT ref: 00772C94
  • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
  • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
• _free.LIBCMT ref: 00772CA0
• _free.LIBCMT ref: 00772CAB
• _free.LIBCMT ref: 00772CB6
• _free.LIBCMT ref: 00772CC1
• _free.LIBCMT ref: 00772CCC
• _free.LIBCMT ref: 00772CD7
• _free.LIBCMT ref: 00772CE2
• _free.LIBCMT ref: 00772CED
• _free.LIBCMT ref: 00772CFB
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007B7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B7FC1
• GetFileAttributesW.KERNEL32(?), ref: 007B7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 007B8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 007B8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007B80B0
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00745C7A
  • Part of subcall function 00745D0A: GetClientRect.USER32(?,?), ref: 00745D30
  • Part of subcall function 00745D0A: GetWindowRect.USER32(?,?), ref: 00745D71
  • Part of subcall function 00745D0A: ScreenToClient.USER32(?,?), ref: 00745D99
• GetDC.USER32 ref: 007846F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00784708
• SelectObject.GDI32(00000000,00000000), ref: 00784716
• SelectObject.GDI32(00000000,00000000), ref: 0078472B
• ReleaseDC.USER32(?,00000000), ref: 00784733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007847C4
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                                • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                • Opcode ID: 60955abc78ee15e241750f2af5cd7639b6c8fbcc42d8c943252391bfd95fa211
                                                                                                                                                                                                                                                • Instruction ID: c8ecd5c74bdcdf8848d6a8a9185b67bf7aad0781aa63fdc33350e7595a5d95fb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60955abc78ee15e241750f2af5cd7639b6c8fbcc42d8c943252391bfd95fa211
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B71F331500207DFCF21AF64C984AFA7BB5FF4A320F18426AED555A2A6D3799C41DF60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 007B35E4
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                • LoadStringW.USER32(00812390,?,00000FFF,?), ref: 007B360A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                • Opcode ID: 287cd90a5797978e03abf076938cb98afe734b443d1ce8fba791e4c212404dc4
                                                                                                                                                                                                                                                • Instruction ID: c5136f42a66b96be97dae73d77b0ea171e239be5499a72b97d2d116ba90bd475
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 287cd90a5797978e03abf076938cb98afe734b443d1ce8fba791e4c212404dc4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94514171900209FADF15EBA0DC8AEEEBB78EF04300F144125F61572191EB395B99DF61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007BC272
                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007BC29A
                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007BC2CA
                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 007BC322
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 007BC336
                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 007BC341
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                • Opcode ID: d2fc313d0321ab075152d01fb94bbb0bf3a04d26e6bf403973f49df4bbfc842b
                                                                                                                                                                                                                                                • Instruction ID: a5bb3f5f2f0c0b65df0f95a969cfe7daf594c7f1ed8c0feeeab3e3dcbe0e9294
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2fc313d0321ab075152d01fb94bbb0bf3a04d26e6bf403973f49df4bbfc842b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0316BB1601208AFD7229F648C88BEB7BFCEB49754B54C51EF486D7200DB38DD049B65
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00783AAF,?,?,Bad directive syntax error,007DCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 007A98BC
                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00783AAF,?), ref: 007A98C3
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 007A9987
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                • Opcode ID: a71ac70843b8a94c13ffd1747e8063d715b9fe0c7e773a4efd698c8d26b2dd3c
                                                                                                                                                                                                                                                • Instruction ID: 220c0079d0992ec6024e826e173543595a2100f4293e1a2a267f4f23260a235f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a71ac70843b8a94c13ffd1747e8063d715b9fe0c7e773a4efd698c8d26b2dd3c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4321943280021AFBDF15EF90CC0AEEE7779FF14300F044415F619651A2EB79A628DB60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetParent.USER32 ref: 007A20AB
                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 007A20C0
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 007A214D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                • Opcode ID: 734c2662bab92ae9095d6ed58899fbf449f62f8bc807a84f2bee6855d6241423
                                                                                                                                                                                                                                                • Instruction ID: 49d5bea2962146c6202d984b00064029d1c66229a84b2550a0dd909b8a7b9f06
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 734c2662bab92ae9095d6ed58899fbf449f62f8bc807a84f2bee6855d6241423
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C11E77668470BF9FA012228DC1ADA7379CDB46724B204216FA05E51D2FA6DA8435A14
APIs
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 007D5186
• ShowWindow.USER32(?,00000000), ref: 007D51C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 007D51CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 007D51D1
  • Part of subcall function 007D6FBA: DeleteObject.GDI32(00000000), ref: 007D6FE6
• GetWindowLongW.USER32(?,000000F0), ref: 007D520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 007D524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 007D5287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 007D5296
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00796890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007968A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007968B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 007968D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007968F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00758874,00000000,00000000,00000000,000000FF,00000000), ref: 00796901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0079691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00758874,00000000,00000000,00000000,000000FF,00000000), ref: 0079692D
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007BC182
• GetLastError.KERNEL32 ref: 007BC195
• SetEvent.KERNEL32(?), ref: 007BC1A9
  • Part of subcall function 007BC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007BC272
  • Part of subcall function 007BC253: GetLastError.KERNEL32 ref: 007BC322
  • Part of subcall function 007BC253: SetEvent.KERNEL32(?), ref: 007BC336
  • Part of subcall function 007BC253: InternetCloseHandle.WININET(00000000), ref: 007BC341
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
APIs
  • Part of subcall function 007A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A3A57
  • Part of subcall function 007A3A3D: GetCurrentThreadId.KERNEL32 ref: 007A3A5E
  • Part of subcall function 007A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007A25B3), ref: 007A3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 007A25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 007A25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 007A25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 007A25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 007A2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 007A2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 007A260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 007A2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 007A2627
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,007A1449,?,?,00000000), ref: 007A180C
• HeapAlloc.KERNEL32(00000000,?,007A1449,?,?,00000000), ref: 007A1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,007A1449,?,?,00000000), ref: 007A1828
• GetCurrentProcess.KERNEL32(?,00000000,?,007A1449,?,?,00000000), ref: 007A1830
• DuplicateHandle.KERNEL32(00000000,?,007A1449,?,?,00000000), ref: 007A1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,007A1449,?,?,00000000), ref: 007A1843
• GetCurrentProcess.KERNEL32(007A1449,00000000,?,007A1449,?,?,00000000), ref: 007A184B
• DuplicateHandle.KERNEL32(00000000,?,007A1449,?,?,00000000), ref: 007A184E
• CreateThread.KERNEL32(00000000,00000000,007A1874,00000000,00000000,00000000), ref: 007A1868
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
Similarity
• API ID: __alldvrm$_strrchr
• String ID: }}v$}}v$}}v
• API String ID: 1036877536-3206339712
APIs
  • Part of subcall function 007AD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 007AD501
  • Part of subcall function 007AD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 007AD50F
  • Part of subcall function 007AD4DC: CloseHandle.KERNELBASE(00000000), ref: 007AD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 007CA16D
• GetLastError.KERNEL32 ref: 007CA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 007CA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 007CA268
• GetLastError.KERNEL32(00000000), ref: 007CA273
• CloseHandle.KERNEL32(00000000), ref: 007CA2C4
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 007D3925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 007D393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007D3954
• _wcslen.LIBCMT ref: 007D3999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 007D39C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 007D39F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                • String ID: SysListView32
                                                                                                                                                                                                                                                • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                • Opcode ID: 76d71e34cd7f28780e1ed197238903975248c05bf6ffbc2d18b0bbfc4f3b36f3
                                                                                                                                                                                                                                                • Instruction ID: 6d13c0924579322b0cf9abda9a623cef0098cba5f6c464f3d44256f8b95550c8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76d71e34cd7f28780e1ed197238903975248c05bf6ffbc2d18b0bbfc4f3b36f3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A841A471A00219ABEF219F64CC49BEA7BB9FF08354F100567F958E7281D779E984CB90
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007ABCFD
                                                                                                                                                                                                                                                • IsMenu.USER32(00000000), ref: 007ABD1D
                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 007ABD53
                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(01645EF8), ref: 007ABDA4
                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(01645EF8,?,00000001,00000030), ref: 007ABDCC
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                • String ID: 0$2
                                                                                                                                                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                • Opcode ID: bb5e868f974e7f8b68b691ea79641cabe1ae2575178a44f05fec45a5598e1dfa
                                                                                                                                                                                                                                                • Instruction ID: 8024b64c55bdd0b1a8b780cedcec190b828fb24ada3fbfa2d861578aa19e3836
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb5e868f974e7f8b68b691ea79641cabe1ae2575178a44f05fec45a5598e1dfa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A519070B00205DBDF15CFB8D888BAEBBF4BF86314F248359E4119B292D778A945CB61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00762D4B
                                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00762D53
                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00762DE1
                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00762E0C
                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00762E61
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                • String ID: &Hv$csm
                                                                                                                                                                                                                                                • API String ID: 1170836740-404954504
                                                                                                                                                                                                                                                • Opcode ID: c23d7ae45b230b96efa000ded3e5be55cf157a3663ceaed705c48685625f5bac
                                                                                                                                                                                                                                                • Instruction ID: b1bfb52fbe3c11f32fde6795beecfca157bdd97b86ea3daad55b20b8d32b28d0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c23d7ae45b230b96efa000ded3e5be55cf157a3663ceaed705c48685625f5bac
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5241B534B01609EBCF50DF68C849A9EBBB5BF45324F148155EC166B393D739AA02CBD0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 007AC913
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: IconLoad
                                                                                                                                                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                • Opcode ID: 09f5be72deefbb0dce2a4fb594c4d18212895bd3e1396a68a94fd77f62805752
                                                                                                                                                                                                                                                • Instruction ID: 3074055beafcffa6b1627a5718d1e4e4721e944adc81727577aa7bb7fbb53c2b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09f5be72deefbb0dce2a4fb594c4d18212895bd3e1396a68a94fd77f62805752
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17112B36689306FEE7065B549C82CAB27DCEF56324B10422EF900E62C2E7AC6D005269
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: a65924f679f50ddee5585464f6124416400e16d88c9bff9af975b88864eab238
• Instruction ID: 5957718b04000b00514c9284aa551b9f97c41326db2ca38c73a5e46fd2e793fc
• Opcode Fuzzy Hash: a65924f679f50ddee5585464f6124416400e16d88c9bff9af975b88864eab238
• Instruction Fuzzy Hash: 3B112471908205EFCB30AB309C0AEEE77BCDB52311F04026AF406A6091EF7C9E80CA60
APIs
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• GetSystemMetrics.USER32(0000000F), ref: 007D9FC7
• GetSystemMetrics.USER32(0000000F), ref: 007D9FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 007DA224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 007DA242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 007DA263
• ShowWindow.USER32(00000003,00000000), ref: 007DA282
• InvalidateRect.USER32(?,00000000,00000001), ref: 007DA2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 007DA2CA
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID:
• API String ID: 1211466189-0
• Opcode ID: abd5e6ab291e9255f56a176c8e4ad108902a0c3ad9efffd219aa56548a87701f
• Instruction ID: 16d5c25046acd23747343cb8b27e9d256a35f2cc21b193aad9bed99a32b1351b
• Opcode Fuzzy Hash: abd5e6ab291e9255f56a176c8e4ad108902a0c3ad9efffd219aa56548a87701f
• Instruction Fuzzy Hash: E3B1BA31600219EBDF14CF69C9857AE7BB2FF88711F08C06AED459B395D739A940CB61
APIs
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 0fcf85e64fe26f51cbf6415a8b17ca9463a2b2325a2cedbb075fdb25250aab60
• Instruction ID: 62bb388ee87661c2ddb9f39ee34bc6acf8e2dddc5ee57385a1eb828e8e649a73
• Opcode Fuzzy Hash: 0fcf85e64fe26f51cbf6415a8b17ca9463a2b2325a2cedbb075fdb25250aab60
• Instruction Fuzzy Hash: AB41B366D10218F9DB11EBF4888E9CFB7A8AF45310F508562F915F3122FB38E645C3A5
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 0075F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 0079F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 0079F454
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 15a78a349d183e9850e38929c9edb0a29aea91f853346f6c0df79acc8ffc58c2
• Instruction ID: 52713499517eea1aecb95bf49a05c862068efd366e9758bcd6bf3c0ad5e8d42e
• Opcode Fuzzy Hash: 15a78a349d183e9850e38929c9edb0a29aea91f853346f6c0df79acc8ffc58c2
• Instruction Fuzzy Hash: 02412D31604AC0BADB359B28D88C7EA7BA5AF46352F14803DE947D2560C7BEB488C711
APIs
• DeleteObject.GDI32(00000000), ref: 007D2D1B
• GetDC.USER32(00000000), ref: 007D2D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 007D2D2E
• ReleaseDC.USER32(00000000,00000000), ref: 007D2D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 007D2D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007D2D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,007D5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 007D2DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 007D2DE1
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: dfe5bcf7eaca685fc22b083b3aa28ac1d004a0090faa40684cf564f63e2235ee
• Instruction ID: ecfadf6bb61f5c44d6c3539516f2fc82e2e3da2575a0182a38d823744e08a9b7
• Opcode Fuzzy Hash: dfe5bcf7eaca685fc22b083b3aa28ac1d004a0090faa40684cf564f63e2235ee
• Instruction Fuzzy Hash: 04317F72202214BFEB154F50CC89FEB3BB9EF19715F048056FE089A291D6799C51C7A4
APIs
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 0ba49f33f4ecb4cd14723bc12a62e635443a8343d6baa0d9af70134bf105b649
• Instruction ID: baf1689b1f086e6440f939d8ad70e80d47383c7c291d7684c446d43b33f4f50e
• Opcode Fuzzy Hash: 0ba49f33f4ecb4cd14723bc12a62e635443a8343d6baa0d9af70134bf105b649
• Instruction Fuzzy Hash: 0521DEA1741A05F7D21455214E86FFB336CAFA2784F844121FD175A741F72CED2082B5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                • API String ID: 0-572801152
                                                                                                                                                                                                                                                • Opcode ID: 4ef8be68a26e580a46ab8bf91588fc2ea9135e35e61a6a7e2f1817ee149e87bc
                                                                                                                                                                                                                                                • Instruction ID: 3ce7a064e0ea8bdc7dbd85a92c3643b81aa20aca70e3fdab64ab1ce87a6531f3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ef8be68a26e580a46ab8bf91588fc2ea9135e35e61a6a7e2f1817ee149e87bc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74D19F71A0060A9FDF10CFA8C885FAEB7B5BF48344F14816DE915AB281E775ED81CB90
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCPInfo.KERNEL32(?,?), ref: 007815CE
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00781651
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007816E4
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007816FB
                                                                                                                                                                                                                                                  • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00781777
                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 007817A2
                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 007817AE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2829977744-0
                                                                                                                                                                                                                                                • Opcode ID: 36b11b43d1454a2f9f8f7646c1a2bed9ad8c5116bab12069c447fefb7d22e618
                                                                                                                                                                                                                                                • Instruction ID: 584fb257989832260ee45bbee8b280bdf0c6888db3f29f7c01d001491e556b72
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36b11b43d1454a2f9f8f7646c1a2bed9ad8c5116bab12069c447fefb7d22e618
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5991D571E402169ADF20AE74CC85EEE7BBD9F49350F984659E806E7141EB3DCD42CB60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                • Opcode ID: 66828ac228911d0f0b3dbce5b9464d0975d8739dd52290144df7236fe02bab5d
                                                                                                                                                                                                                                                • Instruction ID: a75b4def97749dafe234bd5ce48c7fd53b1a11ee8136369cf5a065b246dda474
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66828ac228911d0f0b3dbce5b9464d0975d8739dd52290144df7236fe02bab5d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E917E71A00219ABDF20CFA4CC58FAEBBB8EF46714F10855DF915AB280D7789945CBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 007B125C
                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007B1284
                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 007B12A8
                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B12D8
                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B135F
                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B13C4
                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007B1430
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2550207440-0
                                                                                                                                                                                                                                                • Opcode ID: a3580b173b0d26c4ffc0ee8403ad965e94983bd5f56054ae6c5d9431de8c4576
                                                                                                                                                                                                                                                • Instruction ID: f658eed0c2d910736429e6b90d35293b7a9ab2a76d45d5b1adb9ba8413408fc9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3580b173b0d26c4ffc0ee8403ad965e94983bd5f56054ae6c5d9431de8c4576
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6991B171A002199FDB01DFA4C8A8BFE77B5FF45725F918029E900E7291D77DA941CB90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 5b7a0a70a6257ad782ea20852429b09f9e74898613435a59096c310f71ffbb23
• Instruction ID: 1c7f4fb0b82d8e456617089086f8d346ce4a2bda0bcb979f3710965067f8b665
• Opcode Fuzzy Hash: 5b7a0a70a6257ad782ea20852429b09f9e74898613435a59096c310f71ffbb23
• Instruction Fuzzy Hash: 95914871D00219EFCB15CFA9CC88AEEBBB8FF48321F148155EA15B7291D378A955CB60
APIs
• VariantInit.OLEAUT32(?), ref: 007C396B
• CharUpperBuffW.USER32(?,?), ref: 007C3A7A
• _wcslen.LIBCMT ref: 007C3A8A
• VariantClear.OLEAUT32(?), ref: 007C3C1F
  • Part of subcall function 007B0CDF: VariantInit.OLEAUT32(00000000), ref: 007B0D1F
  • Part of subcall function 007B0CDF: VariantCopy.OLEAUT32(?,?), ref: 007B0D28
  • Part of subcall function 007B0CDF: VariantClear.OLEAUT32(?), ref: 007B0D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 4753fb54e9a66122cb9c93b2bf826a0d2fe4a0481ce8fd5ff25a9f818b68ba32
• Instruction ID: 810144e87c0869dde662765ac38dd35511cb10e676f3f3c357ba2dd24270f74b
• Opcode Fuzzy Hash: 4753fb54e9a66122cb9c93b2bf826a0d2fe4a0481ce8fd5ff25a9f818b68ba32
• Instruction Fuzzy Hash: 9F9123756083059FC714DF28C485A6AB7E4FF89314F14892EF88A9B351DB39EE05CB92
APIs
  • Part of subcall function 007A000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?,?,007A035E), ref: 007A002B
  • Part of subcall function 007A000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0046
  • Part of subcall function 007A000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0054
  • Part of subcall function 007A000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?), ref: 007A0064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 007C4C51
• _wcslen.LIBCMT ref: 007C4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 007C4DCF
• CoTaskMemFree.OLE32(?), ref: 007C4DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 0a9a6ff1648a86b1b815b6a1257f48ae7d7d330589950425d3f04605ac23f6fb
• Instruction ID: 2d988936a85d2885d4dfe3db06804c44ced4471d277c60507098c4d2f391201a
• Opcode Fuzzy Hash: 0a9a6ff1648a86b1b815b6a1257f48ae7d7d330589950425d3f04605ac23f6fb
• Instruction Fuzzy Hash: 9E911471D00219EBDF11DFA4C895EEEB7B8BF08310F10856EE915A7251EB389A44CFA0
APIs
• GetMenu.USER32(?), ref: 007D2183
• GetMenuItemCount.USER32(00000000), ref: 007D21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007D21DD
• _wcslen.LIBCMT ref: 007D2213
• GetMenuItemID.USER32(?,?), ref: 007D224D
• GetSubMenu.USER32(?,?), ref: 007D225B
  • Part of subcall function 007A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A3A57
  • Part of subcall function 007A3A3D: GetCurrentThreadId.KERNEL32 ref: 007A3A5E
  • Part of subcall function 007A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007A25B3), ref: 007A3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007D22E3
  • Part of subcall function 007AE97B: Sleep.KERNEL32 ref: 007AE9F3
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: 5c150db0b4fb64bedf3bfccbdf6e0048ac69572c90ce38be137a7feb5f2907a7
• Instruction ID: ed9a579c7f966b1d915fd42a2ad301a6f8f3f2947af293aad2db4e57fffc7f5e
• Opcode Fuzzy Hash: 5c150db0b4fb64bedf3bfccbdf6e0048ac69572c90ce38be137a7feb5f2907a7
• Instruction Fuzzy Hash: 20718D35A00205EFCB11DF64C845AAEBBF5FF98310F15845AE816AB352DB39ED42CB90
APIs
• IsWindow.USER32(01645E08), ref: 007D7F37
• IsWindowEnabled.USER32(01645E08), ref: 007D7F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 007D801E
• SendMessageW.USER32(01645E08,000000B0,?,?), ref: 007D8051
• IsDlgButtonChecked.USER32(?,?), ref: 007D8089
• GetWindowLongW.USER32(01645E08,000000EC), ref: 007D80AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 007D80C3
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
                                                                                                                                                                                                                                                • API String ID: 4072528602-0
APIs
• GetParent.USER32(?), ref: 007AAEF9
• GetKeyboardState.USER32(?), ref: 007AAF0E
• SetKeyboardState.USER32(?), ref: 007AAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 007AAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 007AAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 007AAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 007AB020
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(00000000), ref: 007AAD19
• GetKeyboardState.USER32(?), ref: 007AAD2E
• SetKeyboardState.USER32(?), ref: 007AAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 007AADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 007AADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 007AAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 007AAE38
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetConsoleCP.KERNEL32(00783CD6,?,?,?,?,?,?,?,?,00775BA3,?,?,00783CD6,?,?), ref: 00775470
• __fassign.LIBCMT ref: 007754EB
• __fassign.LIBCMT ref: 00775506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00783CD6,00000005,00000000,00000000), ref: 0077552C
• WriteFile.KERNEL32(?,00783CD6,00000000,00775BA3,00000000,?,?,?,?,?,?,?,?,?,00775BA3,?), ref: 0077554B
• WriteFile.KERNEL32(?,?,00000001,00775BA3,00000000,?,?,?,?,?,?,?,?,?,00775BA3,?), ref: 00775584
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
  • Part of subcall function 007C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007C307A
  • Part of subcall function 007C304E: _wcslen.LIBCMT ref: 007C309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 007C1112
• WSAGetLastError.WSOCK32 ref: 007C1121
• WSAGetLastError.WSOCK32 ref: 007C11C9
• closesocket.WSOCK32(00000000), ref: 007C11F9
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
APIs
  • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,007ACF22,?), ref: 007ADDFD
  • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,007ACF22,?), ref: 007ADE16
• lstrcmpiW.KERNEL32(?,?), ref: 007ACF45
• MoveFileW.KERNEL32(?,?), ref: 007ACF7F
• _wcslen.LIBCMT ref: 007AD005
• _wcslen.LIBCMT ref: 007AD01B
• SHFileOperationW.SHELL32(?), ref: 007AD061
Strings
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 007D2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 007D2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 007D2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 007D2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 007D2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 007D2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D2F0B
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A778F
• SysAllocString.OLEAUT32(00000000), ref: 007A7792
• SysAllocString.OLEAUT32(?), ref: 007A77B0
• SysFreeString.OLEAUT32(?), ref: 007A77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 007A77DE
• SysAllocString.OLEAUT32(?), ref: 007A77EC
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A7868
• SysAllocString.OLEAUT32(00000000), ref: 007A786B
• SysAllocString.OLEAUT32 ref: 007A788C
• SysFreeString.OLEAUT32 ref: 007A7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 007A78AF
• SysAllocString.OLEAUT32(?), ref: 007A78BD
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 007B04F2
                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007B052E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                • Opcode ID: 4938838731f1441b90a71f141453c7eaeeab7b437c7f4b9f45c2c0a360bc070f
                                                                                                                                                                                                                                                • Instruction ID: e0d0077e30f11d859473e6570202cfb5ccea2bb5e5e0c45c03f18cbebda97e06
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4938838731f1441b90a71f141453c7eaeeab7b437c7f4b9f45c2c0a360bc070f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21212BB5500206AFDB309F69DC49F9A77B4BF45724F204A19E8A1D62E0E7749960CFA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 007B05C6
                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007B0601
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                • Opcode ID: 90708db1a67fb5e5fb5f24b2f65868800183c8b029f9b8381d9c19d2379af34f
                                                                                                                                                                                                                                                • Instruction ID: 1fd8f558bedb1c9f40ff188bd020b7cf155774f8d66d3d6fb09f85a041e5e2ee
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90708db1a67fb5e5fb5f24b2f65868800183c8b029f9b8381d9c19d2379af34f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52217F755003169BDB209F698C08BDB77F4BF95724F204B19E8A1E72E0D7749860CB94
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0074600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0074604C
                                                                                                                                                                                                                                                  • Part of subcall function 0074600E: GetStockObject.GDI32(00000011), ref: 00746060
                                                                                                                                                                                                                                                  • Part of subcall function 0074600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0074606A
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 007D4112
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 007D411F
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 007D412A
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 007D4139
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 007D4145
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                • Opcode ID: 0479a0c429c4a0ee56d46c4720e146d11c163a38299d328d6781a70b40017a9f
                                                                                                                                                                                                                                                • Instruction ID: 27fa139d2d521b1796a548070ea1cbc59343e05bf64b7901e0015d05c53c881e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0479a0c429c4a0ee56d46c4720e146d11c163a38299d328d6781a70b40017a9f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB1193B115011DBFEF119F64CC85EE77F6DEF08798F004111B718A2190C6769C21DBA4
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0077D7A3: _free.LIBCMT ref: 0077D7CC
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D82D
                                                                                                                                                                                                                                                  • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
                                                                                                                                                                                                                                                  • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D838
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D843
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D897
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D8A2
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D8AD
                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0077D8B8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                • Instruction ID: 92c46a8665066abc1a0f6263ccea0503a407af604eda8ab0d5ecc91ea522039f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E114271540704EADD31BFB4CC4BFCBBBEC6F40780F448815B2ADA60A3DA69B9454A90
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 007ADA74
• LoadStringW.USER32(00000000), ref: 007ADA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 007ADA91
• LoadStringW.USER32(00000000), ref: 007ADA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 007ADADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 007ADAB9
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: 1fac117a199b32d76704aefb8a37e0f5de650b9dd6630d9a4fab1c27b33d0dbe
• Instruction ID: 39bb2d905452db3e272654c47f0339a2ab2475cf3b8d137229bae1b8effe314a
• Opcode Fuzzy Hash: 1fac117a199b32d76704aefb8a37e0f5de650b9dd6630d9a4fab1c27b33d0dbe
• Instruction Fuzzy Hash: F00186F2500219BFE7519BA0DD89EEB377CEB09301F408592B706E2041EA789E848F78
APIs
• InterlockedExchange.KERNEL32(0163E400,0163E400), ref: 007B097B
• EnterCriticalSection.KERNEL32(0163E3E0,00000000), ref: 007B098D
• TerminateThread.KERNEL32(?,000001F6), ref: 007B099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 007B09A9
• CloseHandle.KERNEL32(?), ref: 007B09B8
• InterlockedExchange.KERNEL32(0163E400,000001F6), ref: 007B09C8
• LeaveCriticalSection.KERNEL32(0163E3E0), ref: 007B09CF
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 9fbd13a78034ea17a4d102184273ff7a3568a8657508b2b372e260f1c7e723d0
• Instruction ID: 5e859b95b8f90801984185c0a3c2908aa9685f0cf2c8266da60510c174f96a01
• Opcode Fuzzy Hash: 9fbd13a78034ea17a4d102184273ff7a3568a8657508b2b372e260f1c7e723d0
• Instruction Fuzzy Hash: E2F0EC32483A13BBD7525FA4EE8DBD6BB39FF05702F406126F242908A1C779A465CF94
APIs
• GetClientRect.USER32(?,?), ref: 00745D30
• GetWindowRect.USER32(?,?), ref: 00745D71
• ScreenToClient.USER32(?,?), ref: 00745D99
• GetClientRect.USER32(?,?), ref: 00745ED7
• GetWindowRect.USER32(?,?), ref: 00745EF8
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: a1b1c13e79304485da679a24385d0c295e3fe6158d02b89307e863e748fcea49
• Instruction ID: 89c262993ad97f0ca7c646fe62337ed8a1699e58a16c5bd7b4d566aaf110b7b1
• Opcode Fuzzy Hash: a1b1c13e79304485da679a24385d0c295e3fe6158d02b89307e863e748fcea49
• Instruction Fuzzy Hash: CBB17835A00B4ADBDB10DFA9C4807EEB7F1FF58310F14851AE8AAD7250DB38AA51DB54
APIs
• __allrem.LIBCMT ref: 007700BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007700D6
• __allrem.LIBCMT ref: 007700ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0077010B
• __allrem.LIBCMT ref: 00770122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00770140
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
• Instruction ID: 352f69e39eed34db66f26e574fb727fd00c7174e131dd5b454a4b51ef1277c03
• Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
• Instruction Fuzzy Hash: 36811872A00706DFEB24AF28DC45BAF73E9AF413A4F24853AF515D7681E778D9008B90
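The records above list, for each function recovered from the memory dump, its Win32/CRT call chain and a Similarity block whose API ID is a token signature of that chain. The page does not document how the API ID is built, but the rule can be recovered from the four complete records shown here: split each API name at uppercase letters, drop tokens shorter than four characters (Get, Box, For, W), count the rest, emit the most frequent group first, sort alphabetically within a group, and join groups with `$`. That reproduces `HandleLoadModuleString$Message`, `CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait`, `Rect$Client$Window$Screen` and `Unothrow_t@std@@@__allrem__ehfuncinfo$??2@` exactly. The Python below is an added example, not Joe Sandbox's code and not code from the sample: it parses records in the page's bullet format, recomputes the API ID (an inferred rule, verified only against the records on this page; `Part of subcall function` entries are excluded because no complete record here contains one), and resolves ordinal imports such as `#17.WSOCK32` through a Winsock 1.1 ordinal table. The table is an assumption taken from the well-known WSOCK32.DLL export list rather than from the page; ordinal 17 is recvfrom, which fits the trailing `00000010` argument (16 bytes, the size of a sockaddr_in fromlen). The sample text is constructed from the records above.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox report and recompute
the "API ID" token signature printed under "Similarity".

Added example, not Joe Sandbox code: the token rule in api_id() is inferred from
this page's records, and WSOCK32_ORDINALS is the classic Winsock 1.1 export
table (an assumption; the page itself only shows the raw ordinal "#17")."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: three records copied from the report, in its bullet format
# (the third is the trailing record whose Similarity block is cut off).
SAMPLE = """\
APIs
• InterlockedExchange.KERNEL32(0163E400,0163E400), ref: 007B097B
• EnterCriticalSection.KERNEL32(0163E3E0,00000000), ref: 007B098D
• TerminateThread.KERNEL32(?,000001F6), ref: 007B099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 007B09A9
• CloseHandle.KERNEL32(?), ref: 007B09B8
• InterlockedExchange.KERNEL32(0163E400,000001F6), ref: 007B09C8
• LeaveCriticalSection.KERNEL32(0163E3E0), ref: 007B09CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
APIs
• __allrem.LIBCMT ref: 007700BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007700D6
• __allrem.LIBCMT ref: 007700ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0077010B
• __allrem.LIBCMT ref: 00770122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00770140
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
APIs
  • Part of subcall function 007C3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,007C101C,00000000,?,?,00000000), ref: 007C3195
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 007C1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 007C1DE1
• WSAGetLastError.WSOCK32 ref: 007C1DF2
• inet_ntoa.WSOCK32(?), ref: 007C1E8C
• htons.WSOCK32(?,?,?,?,?), ref: 007C1EDB
"""

@dataclass
class ApiCall:
    api: str                       # export name, or "#<ordinal>" for ordinal imports
    module: str                    # KERNEL32, USER32, WSOCK32, LIBCMT, ...
    args: List[str]                # argument values as printed ("?" = unresolved)
    ref: str                       # call-site address in the dumped image
    subcall: Optional[str] = None  # set when the call sits inside a callee

@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    reported_api_id: str = ""      # value printed under Similarity, if present

API_RE = re.compile(
    r'^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?'
    r'(?P<api>\S+?)\.(?P<mod>[A-Z0-9_]+)'
    r'(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})\s*$')
SECTIONS = {'APIs', 'Strings', 'Memory Dump Source',
            'Joe Sandbox IDA Plugin', 'Similarity'}

def parse_records(text: str) -> List[FunctionRecord]:
    """Split the report text into one FunctionRecord per "APIs" block."""
    records, section, cur = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTIONS:           # a section header switches state
            section = stripped
            if section == 'APIs':
                cur = FunctionRecord()
                records.append(cur)
            continue
        if cur is None:
            continue
        if section == 'APIs':
            m = API_RE.match(line)
            if m:
                args = m['args'].split(',') if m['args'] else []
                cur.calls.append(ApiCall(m['api'], m['mod'], args, m['ref'], m['sub']))
        elif section == 'Similarity' and stripped.startswith('• API ID:'):
            cur.reported_api_id = stripped.split(':', 1)[1].strip()
    return records

TOKEN_RE = re.compile(r'[A-Z][^A-Z]*|[^A-Z]+')  # split at each uppercase letter
MIN_TOKEN = 4                                    # drops "Get", "Box", "For", "W"

def api_id(calls: List[ApiCall]) -> str:
    """Inferred rule: count tokens of length >= 4 over the direct calls, group by
    frequency (highest first), sort each group, join the groups with '$'."""
    counts = Counter(
        tok for c in calls if c.subcall is None
        for tok in TOKEN_RE.findall(c.api) if len(tok) >= MIN_TOKEN)
    by_freq = {}
    for tok, n in counts.items():
        by_freq.setdefault(n, []).append(tok)
    return '$'.join(''.join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))

# Assumed: classic WSOCK32.DLL (Winsock 1.1) export ordinals, not taken from the page.
WSOCK32_ORDINALS = {1: 'accept', 2: 'bind', 3: 'closesocket', 4: 'connect',
                    9: 'htons', 11: 'inet_ntoa', 16: 'recv', 17: 'recvfrom',
                    18: 'select', 19: 'send', 20: 'sendto', 23: 'socket'}

def resolved_name(call: ApiCall) -> str:
    """Map an ordinal import such as "#17.WSOCK32" to its export name."""
    if call.module == 'WSOCK32' and call.api.startswith('#'):
        return WSOCK32_ORDINALS.get(int(call.api[1:]), call.api)
    return call.api

def call_chain(rec: FunctionRecord) -> List[str]:
    return [resolved_name(c) for c in rec.calls]

if __name__ == '__main__':
    for rec in parse_records(SAMPLE):
        print(' -> '.join(call_chain(rec)))
        print('  API ID:', api_id(rec.calls), '| reported:', rec.reported_api_id or 'n/a')
```

Run the file directly to print each record's resolved call chain beside its recomputed and reported API ID; a mismatch on a new record would mean it contains a construct the inferred rule does not cover. Ordinals absent from the table fall through as the raw `#n` string rather than being guessed.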
APIs
  • Part of subcall function 007C3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,007C101C,00000000,?,?,00000000), ref: 007C3195
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 007C1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 007C1DE1
• WSAGetLastError.WSOCK32 ref: 007C1DF2
• inet_ntoa.WSOCK32(?), ref: 007C1E8C
• htons.WSOCK32(?,?,?,?,?), ref: 007C1EDB
• _strlen.LIBCMT ref: 007C1F35
  • Part of subcall function 007A39E8: _strlen.LIBCMT ref: 007A39F2
  • Part of subcall function 00746D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0075CF58,?,?,?), ref: 00746DBA
  • Part of subcall function 00746D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0075CF58,?,?,?), ref: 00746DED
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1923757996-0
                                                                                                                                                                                                                                                • Opcode ID: 9c7686ab70854bf53a10133a13db28890f0e3fe0a3c46c989ef876b4b36e9f9d
                                                                                                                                                                                                                                                • Instruction ID: aea5f636760dc7caffe26a3a339cdb62cee0b71e726f45865c3619316dd2c279
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c7686ab70854bf53a10133a13db28890f0e3fe0a3c46c989ef876b4b36e9f9d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4A1A131204340AFC314DF24C899F2AB7E5AF86318F94895CF4565B2A3DB79ED46CB92
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007682D9,007682D9,?,?,?,0077644F,00000001,00000001,8BE85006), ref: 00776258
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0077644F,00000001,00000001,8BE85006,?,?,?), ref: 007762DE
                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007763D8
                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 007763E5
                                                                                                                                                                                                                                                  • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 007763EE
                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00776413
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1414292761-0
                                                                                                                                                                                                                                                • Opcode ID: eba3e2565af6155a5e4678156cd5cb0e2b326a9a5d54fd1cb69da0cd472312be
                                                                                                                                                                                                                                                • Instruction ID: ff4d0b23f323811c1139f709b2f4f3df9ca5523ef80e8f6bbeb0e93845bd9138
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eba3e2565af6155a5e4678156cd5cb0e2b326a9a5d54fd1cb69da0cd472312be
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A251E172600A16ABEF258F64CC85EBF77AAEF44790F148629FC09D6145EB38DC40C7A0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                  • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
                                                                                                                                                                                                                                                  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
                                                                                                                                                                                                                                                  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
                                                                                                                                                                                                                                                  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CBCCA
                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CBD25
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 007CBD6A
                                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 007CBD99
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 007CBDF3
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 007CBDFF
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1120388591-0
                                                                                                                                                                                                                                                • Opcode ID: da36bcb5213c5b972f267c17b5b6d4236f6008d8d7073d74ce2ba4a5457c67e3
                                                                                                                                                                                                                                                • Instruction ID: 2b8ec22725310e0e917bd74ea12d64994fa7655b0cf9c0cf5b338fde9a18fe16
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da36bcb5213c5b972f267c17b5b6d4236f6008d8d7073d74ce2ba4a5457c67e3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2381A070208241EFD714DF24C886E2ABBE5FF84308F14895DF55A4B2A2DB35ED45CB92
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000035), ref: 0079F7B9
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 0079F860
                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(0079FA64,00000000), ref: 0079F889
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(0079FA64), ref: 0079F8AD
                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(0079FA64,00000000), ref: 0079F8B1
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0079F8BB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3859894641-0
                                                                                                                                                                                                                                                • Opcode ID: ff861b310f7fd5ba6495ca7ca89de4518e3cd09718eaf9149e3afefa90707f45
                                                                                                                                                                                                                                                • Instruction ID: 1f46cdcfb529b8169afe4d7a00d464f1f95c8658a4919439173a2c525634612a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff861b310f7fd5ba6495ca7ca89de4518e3cd09718eaf9149e3afefa90707f45
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E151D431601310FACF64AF65E899B69B3A8EF45320B248467E905DF291DB78DC40C796
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
                                                                                                                                                                                                                                                  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 007B94E5
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007B9506
• _wcslen.LIBCMT ref: 007B952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 007B9585
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 40d80ca5dab0ad331798ad7fc7e5b1b7710f6f6cb497cc549a30511a4e9fa5a8
• Instruction ID: 9630144811b1fb5f66a7f2989999cf26cb344721672617217d21744b2478b461
• Opcode Fuzzy Hash: 40d80ca5dab0ad331798ad7fc7e5b1b7710f6f6cb497cc549a30511a4e9fa5a8
• Instruction Fuzzy Hash: 24E1B131508340DFD724DF24C885BAAB7E4BF85310F14896DFA999B2A2DB39DD05CB92
APIs
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• BeginPaint.USER32(?,?,?), ref: 00759241
• GetWindowRect.USER32(?,?), ref: 007592A5
• ScreenToClient.USER32(?,?), ref: 007592C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007592D3
• EndPaint.USER32(?,?,?,?,?), ref: 00759321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 007971EA
  • Part of subcall function 00759339: BeginPath.GDI32(00000000), ref: 00759357
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 11e14c6bfc4a94382e797370735f83a0cc18bd423ebc4716f3918e6542518663
• Instruction ID: 047a80f3c61d946256644489403436de0b2762d8df0b76f7631f496fce37d7ba
• Opcode Fuzzy Hash: 11e14c6bfc4a94382e797370735f83a0cc18bd423ebc4716f3918e6542518663
• Instruction Fuzzy Hash: 5541AB70105205EFDB11DF24D888FEA7BB8FF95321F144229FAA4872A1C7799849DB61
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 007B080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 007B0847
• EnterCriticalSection.KERNEL32(?), ref: 007B0863
• LeaveCriticalSection.KERNEL32(?), ref: 007B08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 007B08F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 007B0921
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: b63d509afb4d02cd9df8e8f0e3c830a45a6bfeb08f6a970caf49cf114bcd1bc8
• Instruction ID: 3522ea1ce9fa7922d8c22a42052f4e7d5350a3327aa87a9d3d788beedb82fb28
• Opcode Fuzzy Hash: b63d509afb4d02cd9df8e8f0e3c830a45a6bfeb08f6a970caf49cf114bcd1bc8
• Instruction Fuzzy Hash: 6E419C71900205EFDF15AF54DC85AAA77B8FF04300F1080A9ED009A297D779EE64DBA4
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0079F3AB,00000000,?,?,00000000,?,0079682C,00000004,00000000,00000000), ref: 007D824C
• EnableWindow.USER32(?,00000000), ref: 007D8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 007D82D1
• ShowWindow.USER32(?,00000004), ref: 007D82E5
• EnableWindow.USER32(?,00000001), ref: 007D830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 007D832F
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 9f78a0dbc74051c4c84486ad32b4fd4cec6e44e11f635febd40f78d629e9b7da
• Instruction ID: 42d89b32e987a0bca50cb7e4ab185e1d32301c320f428190aa3299a57af46f67
• Opcode Fuzzy Hash: 9f78a0dbc74051c4c84486ad32b4fd4cec6e44e11f635febd40f78d629e9b7da
• Instruction Fuzzy Hash: 3B419434601644AFDF51CF25CC99BE87BF0FF0A715F1882AAE6584B362CB35A841CB52
APIs
• IsWindowVisible.USER32(?), ref: 007A4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 007A4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 007A4CEA
• _wcslen.LIBCMT ref: 007A4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 007A4D10
• _wcsstr.LIBVCRUNTIME ref: 007A4D1A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: dbbe68b824aba4abb8fca6fadea02d42dcb3a03d075138eaf4651c317a2aad67
• Instruction ID: 5e170a1a13ba9fa97bf58b694b7c7548a22bdb14f8ad8e18dd6185e13ab99889
• Opcode Fuzzy Hash: dbbe68b824aba4abb8fca6fadea02d42dcb3a03d075138eaf4651c317a2aad67
• Instruction Fuzzy Hash: E121F932605201BBEB155B399C4AE7B7BACDFC6750F10817AF909CA191DEAADC01D6A0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00743AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00743A97,?,?,00742E7F,?,?,?,00000000), ref: 00743AC2
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007B587B
                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 007B5995
                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(007DFCF8,00000000,00000001,007DFB68,?), ref: 007B59AE
                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 007B59CC
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                • Opcode ID: b9ca3289e84730995db17f35fe4de064abb820d7c5d1579666ff5169f400eea3
                                                                                                                                                                                                                                                • Instruction ID: ea6a4c0ccdded84477871868246ec58f95e30528f0ce46c823a5094b4b0c9a50
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9ca3289e84730995db17f35fe4de064abb820d7c5d1579666ff5169f400eea3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89D153B1608701DFC714DF24C484A6ABBE5EF89710F14895DF88A9B361DB39EC45CB92
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 007A0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 007A0FCA
                                                                                                                                                                                                                                                  • Part of subcall function 007A0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 007A0FD6
                                                                                                                                                                                                                                                  • Part of subcall function 007A0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 007A0FE5
                                                                                                                                                                                                                                                  • Part of subcall function 007A0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 007A0FEC
                                                                                                                                                                                                                                                  • Part of subcall function 007A0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 007A1002
                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000000,007A1335), ref: 007A17AE
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 007A17BA
                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 007A17C1
                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 007A17DA
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,007A1335), ref: 007A17EE
                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 007A17F5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3008561057-0
                                                                                                                                                                                                                                                • Opcode ID: 7bc3489bf014625d967d4a6255e7ad805f28058b9b8e2a0a0e5fe00b82222758
                                                                                                                                                                                                                                                • Instruction ID: dc486fea8116964fee5ef06a5db5dd987c91564c8f90fde22f5bb731f8dfdf7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bc3489bf014625d967d4a6255e7ad805f28058b9b8e2a0a0e5fe00b82222758
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6511BE72501216FFEB119FA4CC49FAE7BB9EB82355F508219F481A7290D73AAD40CB60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 007A14FF
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 007A1506
                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 007A1515
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000004), ref: 007A1520
                                                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007A154F
                                                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 007A1563
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1413079979-0
                                                                                                                                                                                                                                                • Opcode ID: 7fa8a6b318b40beb8de9c44afae640ae3248a31950210506f9ec5dfd5be62aa8
                                                                                                                                                                                                                                                • Instruction ID: 3f332115b134cf9aa22f468e5cf74261d975c89b5206884071e4e1fd871f357d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fa8a6b318b40beb8de9c44afae640ae3248a31950210506f9ec5dfd5be62aa8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E111297250124AEBEF128F98DD49BDE7BB9EF89754F048115FA05A20A0C379CE60DB61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00763379,00762FE5), ref: 00763390
                                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0076339E
                                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007633B7
                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00763379,00762FE5), ref: 00763409
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,00775686,00783CD6,?,00000000,?,00775B6A,?,?,?,?,?,0076E6D1,?,00808A48), ref: 00772D78
• _free.LIBCMT ref: 00772DAB
• _free.LIBCMT ref: 00772DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0076E6D1,?,00808A48,00000010,00744F4A,?,?,00000000,00783CD6), ref: 00772DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0076E6D1,?,00808A48,00000010,00744F4A,?,?,00000000,00783CD6), ref: 00772DEC
• _abort.LIBCMT ref: 00772DF2
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
APIs
  • Part of subcall function 00759639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00759693
  • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596A2
  • Part of subcall function 00759639: BeginPath.GDI32(?), ref: 007596B9
  • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 007D8A4E
• LineTo.GDI32(?,00000003,00000000), ref: 007D8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 007D8A70
• LineTo.GDI32(?,00000000,00000003), ref: 007D8A80
• EndPath.GDI32(?), ref: 007D8A90
• StrokePath.GDI32(?), ref: 007D8AA0
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
APIs
• GetDC.USER32(00000000), ref: 007A5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 007A5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 007A5230
• ReleaseDC.USER32(00000000,00000000), ref: 007A5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 007A524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 007A5261
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00741BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00741BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00741C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00741C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00741C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00741C22
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 007AEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 007AEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 007AEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007AEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007AEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007AEB75
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 839392675-0
                                                                                                                                                                                                                                                • Opcode ID: af2d64760165d4561ca64144bc37f5e1d6ce2e36d96c01092a0bbbd2907aaa02
                                                                                                                                                                                                                                                • Instruction ID: e9602502c5121a624ec2a24cd0156eede0ec282d4205438f4d1f1da186647389
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af2d64760165d4561ca64144bc37f5e1d6ce2e36d96c01092a0bbbd2907aaa02
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BF05B72142159BBD72257529C0DEEF7F7CEFC7B11F004159F501D1091D7A55A01C6B9
APIs
• GetClientRect.USER32(?), ref: 00797452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00797469
• GetWindowDC.USER32(?), ref: 00797475
• GetPixel.GDI32(00000000,?,?), ref: 00797484
• ReleaseDC.USER32(?,00000000), ref: 00797496
• GetSysColor.USER32(00000005), ref: 007974B0
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: be3843df76e4c244d884c439ad11378840e2fca4ca4586a7a840ddcc96bda4c3
• Instruction ID: d8bff15ed9352f4356b32b8819391e0019387bad5a8e0e9500aa08e96e9f9445
• Opcode Fuzzy Hash: be3843df76e4c244d884c439ad11378840e2fca4ca4586a7a840ddcc96bda4c3
• Instruction Fuzzy Hash: B0018B31405216EFDB125FA4EC08BEE7BB5FF04311F2081A1FA16A21B1CB391E51EB14
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 007A187F
• UnloadUserProfile.USERENV(?,?), ref: 007A188B
• CloseHandle.KERNEL32(?), ref: 007A1894
• CloseHandle.KERNEL32(?), ref: 007A189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 007A18A5
• HeapFree.KERNEL32(00000000), ref: 007A18AC
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 1c8770afec7bb77a27627ef8ef9c9434dbd580215ea4a3d1dc38afcf315f83c2
• Instruction ID: babdcfd8096cdd8f3d70878f44cf3d59f9716c4d079eee183f305655b569970e
• Opcode Fuzzy Hash: 1c8770afec7bb77a27627ef8ef9c9434dbd580215ea4a3d1dc38afcf315f83c2
• Instruction Fuzzy Hash: BEE0E576045116FBDB026FA1ED0C90ABF39FF49B22B10C222F225810B0CB369820DF58
APIs
  • Part of subcall function 00760242: EnterCriticalSection.KERNEL32(0081070C,00811884,?,?,0075198B,00812518,?,?,?,007412F9,00000000), ref: 0076024D
  • Part of subcall function 00760242: LeaveCriticalSection.KERNEL32(0081070C,?,0075198B,00812518,?,?,?,007412F9,00000000), ref: 0076028A
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
  • Part of subcall function 007600A3: __onexit.LIBCMT ref: 007600A9
• __Init_thread_footer.LIBCMT ref: 007C7BFB
  • Part of subcall function 007601F8: EnterCriticalSection.KERNEL32(0081070C,?,?,00758747,00812514), ref: 00760202
  • Part of subcall function 007601F8: LeaveCriticalSection.KERNEL32(0081070C,?,00758747,00812514), ref: 00760235
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: +Ty$5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3104342744
• Opcode ID: c21bb4cc4c5ea9217f59ff12b0ca867fd8de02feac28df39c4eada047eae4904
• Instruction ID: 38dd022bac30000e3401761fb92b95f8dc40bf2a07e98ad2cae9b46616bd5c55
• Opcode Fuzzy Hash: c21bb4cc4c5ea9217f59ff12b0ca867fd8de02feac28df39c4eada047eae4904
• Instruction Fuzzy Hash: 00916A70A04209EFCB18EF94D895EADB7B5FF48300F14805DF8069B292DB79AE45DB61
APIs
  • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007AC6EE
• _wcslen.LIBCMT ref: 007AC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007AC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 007AC7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                • Opcode ID: f7cbab4022141baa46c6dcfa84ebed7e9196a75e120f4c809500622d2d77b096
                                                                                                                                                                                                                                                • Instruction ID: ebfc4c03f2379d76c6b8ff47fdae5399bbf98289a6c42439228aa86c6d2c8350
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7cbab4022141baa46c6dcfa84ebed7e9196a75e120f4c809500622d2d77b096
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3551A071605301ABD716DF28C889AAA77E8AF8A310F040B29F9A5D6191DB7CD944CF92
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 007CAEA3
  • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
• GetProcessId.KERNEL32(00000000), ref: 007CAF38
• CloseHandle.KERNEL32(00000000), ref: 007CAF67
Strings
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: c4b4d459c0a023d5b6933050ab24733515ead5126c17428939353946039baf9c
• Instruction ID: b7e4e795074fd2c19fbb62e1ed03c8a557763b89b7ac270a4d0896b8abfaf5b3
• Opcode Fuzzy Hash: c4b4d459c0a023d5b6933050ab24733515ead5126c17428939353946039baf9c
• Instruction Fuzzy Hash: 7A713671A00619EFCB14DF54C489A9EBBF0EF08315F04849DE816AB362C779ED45CB91
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 007A7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 007A723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 007A724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 007A72CF
Strings
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 60c0d546eccaef426958c5f656a6a74fda64925a51b4e95b670df4ef567fdf15
• Instruction ID: e6bd059d903f6d9178be62f5ed4472c3a959ae22a84694eb84d1bc7d4ebc9341
• Opcode Fuzzy Hash: 60c0d546eccaef426958c5f656a6a74fda64925a51b4e95b670df4ef567fdf15
• Instruction Fuzzy Hash: D1419DB1604204EFDB19CF54CC84B9A7BB9FF89310F1481AABD059F24AD7B9D941CBA0
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007D3E35
• IsMenu.USER32(?), ref: 007D3E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007D3E92
• DrawMenuBar.USER32 ref: 007D3EA5
Strings
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 5863711f9116621e7e23b97c5ed989993ac7b2a0065825c759a4c3a1efb40777
• Instruction ID: 1fb4da4cf60b5ef82fd2e4f11bba343f4a7f0b2a6f7af6913e078abf76bd4c36
• Opcode Fuzzy Hash: 5863711f9116621e7e23b97c5ed989993ac7b2a0065825c759a4c3a1efb40777
• Instruction Fuzzy Hash: 18414875A01209EFDB10DF50D984AEABBB9FF49350F04812AE915A7390D738AE54CFA1
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 007A1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 007A1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 007A1EA9
  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
Strings
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 6484cade3ddfa1cea225eb864bce57b7aa7c681967191cd89694bd2dac5e09e9
• Instruction ID: cf4a975311e7fa21646a193aae75e1cdabe8f90ca17284e9e3b465e2de716096
• Opcode Fuzzy Hash: 6484cade3ddfa1cea225eb864bce57b7aa7c681967191cd89694bd2dac5e09e9
• Instruction Fuzzy Hash: 3221F371A01104AAEB14AB64DC4ACFFB7B9EF86360F544219F825A72E1DB3C4909C660
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                                • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                                                                                                                                                                • API String ID: 176396367-4004644295
                                                                                                                                                                                                                                                • Opcode ID: 94fb1a8e9e299f0c08d3af19970734f6738820adf07974fd161439c236195154
                                                                                                                                                                                                                                                • Instruction ID: c863395a7c3e524d82d6bdeb07598dde759bb7d8113b862c9198ee4915f189d0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94fb1a8e9e299f0c08d3af19970734f6738820adf07974fd161439c236195154
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C312B33A005698BCB22DF6C8848ABF3391AB61750B05C02DED5EAB345E679DD44C3A0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 007D2F8D
                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 007D2F94
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 007D2FA9
                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 007D2FB1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                • Opcode ID: ab68b027873758c0d7ae5793f7af99a7ca72c6a0f9c36269e3823c0c0b6bc7f6
                                                                                                                                                                                                                                                • Instruction ID: 27d57ccb12b5064d67aa8d868dc7fd05b19d66b55f2cb6fecbb267c8fd05929c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab68b027873758c0d7ae5793f7af99a7ca72c6a0f9c36269e3823c0c0b6bc7f6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC21DC71204209ABEB114F64DC84EBB37BDEF69324F104A2AFA50D22A1C779DC43A760
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00764D1E,007728E9,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002), ref: 00764D8D
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00764DA0
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00764D1E,007728E9,?,00764CBE,007728E9,008088B8,0000000C,00764E15,007728E9,00000002,00000000), ref: 00764DC3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                • Opcode ID: b314b2654393ca675f7784a21c8bf91223667d4041d0ce49a3c5257456798226
                                                                                                                                                                                                                                                • Instruction ID: e55967e1f42858c621d7cfa243f6dbc060b6b62b928de6a115a3b56b4694fa79
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b314b2654393ca675f7784a21c8bf91223667d4041d0ce49a3c5257456798226
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21F0AF70A01219FBDB119F90DC09BAEBBB9EF44751F0041A5FD06A2260CF795980CAD4
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 0079D3AD
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0079D3BF
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 0079D3E5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                • Opcode ID: aa78f420f0cb8bd3cc40cf314fd1119f9f3df3ae5c16064ff5bb9674b2f067bd
                                                                                                                                                                                                                                                • Instruction ID: 0812f13e3e0c7af38a5250b6d9d900fb472f22553fb3c2fffe5cdfb24611a4fc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa78f420f0cb8bd3cc40cf314fd1119f9f3df3ae5c16064ff5bb9674b2f067bd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8F055B1802A22CBDF362720AC089A93325BF10703B94C15AFC02E2244DB6CCD44C683
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E9C
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00744EAE
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00744EDD,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744EC0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: 991d727f47445d8fc3a23e11a55ad59d199a3bc84ef9a7ca87a700e3d7ad7bdb
• Instruction ID: da920e3ec20fed0b1948b72f3d1617bc7cb90a9bf9e1aa59db22959fd3c6bda8
• Opcode Fuzzy Hash: 991d727f47445d8fc3a23e11a55ad59d199a3bc84ef9a7ca87a700e3d7ad7bdb
• Instruction Fuzzy Hash: 8EE08C76A02633ABD2331B25AC1CB6B6668AF81B62B094216FC00E2250DF6CCD02D0A4
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00744E74
• FreeLibrary.KERNEL32(00000000,?,?,00783CDE,?,00811418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00744E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: dbe1277d292679a0c1db1e56f2cf4e0813247b63c274914aed3d2df6db0da42d
• Instruction ID: 4bd4072f653790e49ddef6b2023c0e9621d739c9c42c1e26b40d2643ae1ec75c
• Opcode Fuzzy Hash: dbe1277d292679a0c1db1e56f2cf4e0813247b63c274914aed3d2df6db0da42d
• Instruction Fuzzy Hash: F2D0C271503633578A231B246C08E8B6B2CAF81B113054213B800E3250CF2DCD01D1D4
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007B2C05
• DeleteFileW.KERNEL32(?), ref: 007B2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007B2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007B2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007B2CC0
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 1daefbb2bdbfbebb6080226d09898070acb82d8a8a837f7b8bea6ae1e21c5ae6
• Instruction ID: b1f01462a2f64032fe0b3e4c560106ca4b19abf41ca3214b877487e1e1460c53
• Opcode Fuzzy Hash: 1daefbb2bdbfbebb6080226d09898070acb82d8a8a837f7b8bea6ae1e21c5ae6
• Instruction Fuzzy Hash: BAB14072D01119EBDF21DBA4CC89EDE7B7DEF48350F1040A6FA09E6152EB389A458F61
APIs
• GetCurrentProcessId.KERNEL32 ref: 007CA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 007CA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 007CA468
• CloseHandle.KERNEL32(?), ref: 007CA63D
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 6a64d554fb2bd548c9ad55f050a82d53bb6e274951af242af4aa57534bc5cf95
• Instruction ID: 51c3b47ef97d330027a1c9012c008b4d4c195774e89c2a1a284a88ae56205a51
• Opcode Fuzzy Hash: 6a64d554fb2bd548c9ad55f050a82d53bb6e274951af242af4aa57534bc5cf95
• Instruction Fuzzy Hash: 13A1C071604301AFD720DF24C886F2AB7E1AF84714F14881DF95A9B392D7B9EC45CB82
APIs
  • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,007ACF22,?), ref: 007ADDFD
  • Part of subcall function 007ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,007ACF22,?), ref: 007ADE16
  • Part of subcall function 007AE199: GetFileAttributesW.KERNEL32(?,007ACF95), ref: 007AE19A
• lstrcmpiW.KERNEL32(?,?), ref: 007AE473
• MoveFileW.KERNEL32(?,?), ref: 007AE4AC
• _wcslen.LIBCMT ref: 007AE5EB
• _wcslen.LIBCMT ref: 007AE603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 007AE650
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: d0005f1088ffdc18f89bf75329e58c71bd7877473e3fcbe6f1c0b5a935b696ae
• Instruction ID: b735e0d4809d54d457c57c215005b772ea8894a44b99e25dad0f44238a786d0a
• Opcode Fuzzy Hash: d0005f1088ffdc18f89bf75329e58c71bd7877473e3fcbe6f1c0b5a935b696ae
• Instruction Fuzzy Hash: BF5153B25083859BC724DBA4DC859DBB3ECAFC5340F004A1EF689D3151EF78A6888766
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
  • Part of subcall function 007CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007CB6AE,?,?), ref: 007CC9B5
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CC9F1
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA68
  • Part of subcall function 007CC998: _wcslen.LIBCMT ref: 007CCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007CBAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007CBB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 007CBB63
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 007CBBA6
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 007CBBB3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 826366716-0
                                                                                                                                                                                                                                                • Opcode ID: d6011a14d4c4871c4ea7cf1ed9517e7829d7d7391c827fad029244aef2c084c6
                                                                                                                                                                                                                                                • Instruction ID: 42a35cc8ed97fc9793313aceebe5547b8cbf2ef7510729fabd3bda86e4cb55d4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6011a14d4c4871c4ea7cf1ed9517e7829d7d7391c827fad029244aef2c084c6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B616A71208241EFD714DF24C895F2ABBE5BF84308F14855DF4998B2A2DB39ED45CB92
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 007A8BCD
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 007A8C3E
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 007A8C9D
                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 007A8D10
                                                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007A8D3B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4136290138-0
                                                                                                                                                                                                                                                • Opcode ID: 10cb533c91ec0149581d1a8063b87d786ad21f230b6baec95952054d06ffd88a
                                                                                                                                                                                                                                                • Instruction ID: 72a3dc3865a3ba5369ca2456bd9640de8d9b776be38fe8032744e0ae30d5ca49
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10cb533c91ec0149581d1a8063b87d786ad21f230b6baec95952054d06ffd88a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F515AB5A00219EFCB14CF68C894AAABBF8FF8D310B158559E915DB350E734E911CFA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007B8BAE
                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 007B8BDA
                                                                                                                                                                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 007B8C32
                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 007B8C57
                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007B8C5F
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2832842796-0
                                                                                                                                                                                                                                                • Opcode ID: 6247fef120f1febf61f4a17c00122ef91cf994beb995b70c2cfed739d1c66ac7
                                                                                                                                                                                                                                                • Instruction ID: 310984efff1746431467b8313e459f53787c9dcc1640f92685b0648672939474
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6247fef120f1febf61f4a17c00122ef91cf994beb995b70c2cfed739d1c66ac7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13515D75A00215DFCB05DF64C885AADBBF5FF48314F088499E849AB362CB39ED51CBA1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 007C8F40
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 007C8FD0
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 007C8FEC
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 007C9032
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 007C9052
                                                                                                                                                                                                                                                  • Part of subcall function 0075F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,007B1043,?,753CE610), ref: 0075F6E6
                                                                                                                                                                                                                                                  • Part of subcall function 0075F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0079FA64,00000000,00000000,?,?,007B1043,?,753CE610,?,0079FA64), ref: 0075F70D
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 666041331-0
                                                                                                                                                                                                                                                • Opcode ID: 638eb81ec4a69e281646d7bcc9fc0338e84b36c033590081f68524b22d6ca849
                                                                                                                                                                                                                                                • Instruction ID: 846cd510ca1f02b253d49bd22f3b50ec85f1b22b26fa364ed65382fe08b53013
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 638eb81ec4a69e281646d7bcc9fc0338e84b36c033590081f68524b22d6ca849
• Instruction Fuzzy Hash: 2F512A35601205DFC755DF58C488DADBBB1FF49314B08809DE909AB362DB39ED85CB91
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 007D6C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 007D6C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 007D6C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,007BAB79,00000000,00000000), ref: 007D6C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 007D6CC7
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: b7da0600c87fcd4e02dbc6fbbac7de7ca996dc89a412ce1749cd32779ee2fa0a
• Instruction ID: 3b30266c3a92b81999554906aa459b40519381fcfb799c49d2475dcc24d48410
• Opcode Fuzzy Hash: b7da0600c87fcd4e02dbc6fbbac7de7ca996dc89a412ce1749cd32779ee2fa0a
• Instruction Fuzzy Hash: 2D41D075A10104AFDB25CF28CD58FA97BB5EB09360F14426AF999A73E0C379FD40CA60
APIs
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1dd8d4c596ac4efbc96c4fb2ea4058a4d08dc18627d41db69bc1ddfa7735e7cb
• Instruction ID: c9e01edec0e2cd25a8ea6c897854466f40b8ac5d9f8bca726f9265f24b8348b9
• Opcode Fuzzy Hash: 1dd8d4c596ac4efbc96c4fb2ea4058a4d08dc18627d41db69bc1ddfa7735e7cb
• Instruction Fuzzy Hash: 5841D432A00204DFCF20DF78C885A5DB3E5FF89354F1585A8E929EB352D635AD02CB91
APIs
• GetCursorPos.USER32(?), ref: 00759141
• ScreenToClient.USER32(00000000,?), ref: 0075915E
• GetAsyncKeyState.USER32(00000001), ref: 00759183
• GetAsyncKeyState.USER32(00000002), ref: 0075919D
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: fc898820894bad8e10dcb1251edfd00f6e423518e54488a647ae38ffc2ca4402
• Instruction ID: f6b50a7550361e590c7a10a6968d02ef67b70fc9e7bf1e3283e35a50b30a08d6
• Opcode Fuzzy Hash: fc898820894bad8e10dcb1251edfd00f6e423518e54488a647ae38ffc2ca4402
• Instruction Fuzzy Hash: 1041903190861BFBDF099F68D848BEEB774FB45321F208216E929A3290C7785D54CB51
APIs
• GetInputState.USER32 ref: 007B38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 007B3922
• TranslateMessage.USER32(?), ref: 007B394B
• DispatchMessageW.USER32(?), ref: 007B3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007B3966
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: c064d3c66c2ff504389d6af6bb30713e89c4566319f72fad43059748f752dea3
• Instruction ID: 1c4a0c3e1b291ad0be3524edbe05630f92a6f0af156ba6c91ee2b2f80d10d9ef
• Opcode Fuzzy Hash: c064d3c66c2ff504389d6af6bb30713e89c4566319f72fad43059748f752dea3
• Instruction Fuzzy Hash: 93318670504342EEEF25CB34984CBF67BA8AF05308F14856EE566C21A0E7BCB6C5CB21
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,007BC21E,00000000), ref: 007BCF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 007BCF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,007BC21E,00000000), ref: 007BCFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,007BC21E,00000000), ref: 007BCFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,007BC21E,00000000), ref: 007BCFF2
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 4244a107689caae0ec81e1fb61a63b8c590e7962c3a33489d08830ad1441475e
• Instruction ID: bb671d7bc203ebd3763e6f3ec239edd13ea4cdd7fc5aa7d2955490c5376e2c4b
• Opcode Fuzzy Hash: 4244a107689caae0ec81e1fb61a63b8c590e7962c3a33489d08830ad1441475e
• Instruction Fuzzy Hash: 92315072600206EFDB21DFA5C884AFBBBF9EB14351B10846EF506D2140D738EE41DB60
APIs
• GetWindowRect.USER32(?,?), ref: 007A1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 007A19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 007A19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 007A19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 007A19E2
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 493cd11a47f637d37d13cad40863b0fe66c1a07e5473a7a278bf917c3ddbd977
• Instruction ID: eb66a14c403c1d64585205c35cbf5553cbaaa476c8f395ad53bb4b2f21d4be5d
• Opcode Fuzzy Hash: 493cd11a47f637d37d13cad40863b0fe66c1a07e5473a7a278bf917c3ddbd977
• Instruction Fuzzy Hash: 0E31BF72A00259EFDB04CFA8CD99ADE3BB5EB45315F108329F961AB2D1C774AD44CB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 007D5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 007D579D
• _wcslen.LIBCMT ref: 007D57AF
• _wcslen.LIBCMT ref: 007D57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 007D5816
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: 066b117a34b187929338077c8bc9ab5c1e0a15044b41f524eff6ab98dc54e444
• Instruction ID: 59a5c017087467c37d0f6c3eb66f3263d3ea737e346978f36d22cf945e23da68
• Opcode Fuzzy Hash: 066b117a34b187929338077c8bc9ab5c1e0a15044b41f524eff6ab98dc54e444
• Instruction Fuzzy Hash: 81218271904618EBDB209FA4CC89EEE77B8FF04724F108257E929EA280D7789985CF51
APIs
• IsWindow.USER32(00000000), ref: 007C0951
• GetForegroundWindow.USER32 ref: 007C0968
• GetDC.USER32(00000000), ref: 007C09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 007C09B0
• ReleaseDC.USER32(00000000,00000003), ref: 007C09E8
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 3e8a5ee2a11086734a5546ab7033ec627e138d4b2e9ed740ae05bbe5965270a8
• Instruction ID: 48434624ef6f6de0898c4e50a8d998b1cf037b9c0b0c30ac29818accd8008a89
• Opcode Fuzzy Hash: 3e8a5ee2a11086734a5546ab7033ec627e138d4b2e9ed740ae05bbe5965270a8
• Instruction Fuzzy Hash: 48214C35600214EFD704EF65C888AAEBBF5EB48700B04806DE84A97352DB38EC04CB90
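The two chains listed above are the raw material behind the report's "simulate mouse events" and pixel-reading signatures: PostMessageW with message 0x0201 (WM_LBUTTONDOWN) and 0x0202 (WM_LBUTTONUP) separated by a Sleep, and GetDC followed by GetPixel and ReleaseDC. The following is an added example and not part of Joe Sandbox or of the sample: a small Python matcher that encodes such ordered API chains as signatures and runs them over per-function call lists transcribed from this report. The function labels (func@007A1915 and so on) are assumptions derived from the address of each function's first listed call, not symbol names; arguments the report shows as "?" are recorded as None and are never checked.

```python
"""Match ordered API-call chains against small behavioural signatures.

Added example, not part of Joe Sandbox or the analysed sample. The call
lists below are transcribed from the report's per-function API listings;
'?' arguments are recorded as None, and function labels are assumptions
based on the address of the first listed call.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional

# Window-message constants used by the mouse-click chain (winuser.h values).
WM_LBUTTONDOWN = 0x0201
WM_LBUTTONUP = 0x0202

Args = tuple  # tuple of int | None, one entry per argument shown in the report
Call = tuple  # (api_name, Args)

# Constructed input: API chains as the report lists them for three functions.
REPORT_FUNCTIONS: dict[str, list[Call]] = {
    "func@007A1915": [
        ("GetWindowRect", (None, None)),
        ("PostMessageW", (1, WM_LBUTTONDOWN, 1)),
        ("Sleep", (0, None, None, None)),
        ("PostMessageW", (1, WM_LBUTTONUP, 0)),
        ("Sleep", (0, None, None, None, None)),
    ],
    "func@007C0951": [
        ("IsWindow", (0,)),
        ("GetForegroundWindow", ()),
        ("GetDC", (0,)),
        ("GetPixel", (0, None, 3)),
        ("ReleaseDC", (0, 3)),
    ],
    "func@0077CDC6": [
        ("GetEnvironmentStringsW", ()),
        ("WideCharToMultiByte", (0,) * 8),
        ("WideCharToMultiByte", (0, 0, 0, 0, 0, None, 0, 0)),
        ("FreeEnvironmentStringsW", (0,)),
    ],
}


def any_args(args: Args) -> bool:
    """Predicate that accepts any argument tuple."""
    return True


def arg_equals(index: int, value: int) -> Callable[[Args], bool]:
    """Predicate: the argument at position index is known and equals value."""
    return lambda args: len(args) > index and args[index] == value


@dataclass(frozen=True)
class Step:
    api: str
    check: Callable[[Args], bool] = any_args


@dataclass(frozen=True)
class Signature:
    name: str
    steps: tuple[Step, ...]


SIGNATURES = [
    Signature("simulate_mouse_click", (
        Step("PostMessageW", arg_equals(1, WM_LBUTTONDOWN)),
        Step("Sleep"),
        Step("PostMessageW", arg_equals(1, WM_LBUTTONUP)),
    )),
    Signature("read_screen_pixel", (
        Step("GetDC"),
        Step("GetPixel"),
        Step("ReleaseDC"),
    )),
]


def chain_matches(calls: list[Call], sig: Signature) -> bool:
    """True if sig.steps occur in calls in order (not necessarily adjacent)."""
    pos = 0
    for api, args in calls:
        step = sig.steps[pos]
        if api == step.api and step.check(args):
            pos += 1
            if pos == len(sig.steps):
                return True
    return False


def scan(functions: dict[str, list[Call]]) -> dict[str, list[str]]:
    """Map each signature name to the labels of functions whose chain matches."""
    hits: dict[str, list[str]] = {sig.name: [] for sig in SIGNATURES}
    for label, calls in functions.items():
        for sig in SIGNATURES:
            if chain_matches(calls, sig):
                hits[sig.name].append(label)
    return hits


if __name__ == "__main__":
    for name, labels in scan(REPORT_FUNCTIONS).items():
        print(f"{name}: {', '.join(labels) or '-'}")
```

Order matters: a chain that posts WM_LBUTTONUP before WM_LBUTTONDOWN does not match, and an argument is only compared where the report shows a concrete value, so a "?" in the listing never produces a false negative on its own.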
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0077CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0077CDE9
  • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0077CE0F
• _free.LIBCMT ref: 0077CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0077CE31
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 531cb8bbae37e107b4bcbcfcc2481826c02cb1fb7ae583641e6267f42cbd76f2
• Instruction ID: 89d20b4701306ddfe3ae0a883392f63016c010cff07d4c67e7b2390c29696707
• Opcode Fuzzy Hash: 531cb8bbae37e107b4bcbcfcc2481826c02cb1fb7ae583641e6267f42cbd76f2
• Instruction Fuzzy Hash: 8001D8726026157F2F2316B66C4CC7B6A6DDFCABE1315812EF909C7101DAA98D0281B5
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00759693
• SelectObject.GDI32(?,00000000), ref: 007596A2
• BeginPath.GDI32(?), ref: 007596B9
• SelectObject.GDI32(?,00000000), ref: 007596E2
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 74c0d9d35672d2e434356e148574f8dcc511d822cf8bc99b51331019d84317a8
• Instruction ID: b9f903910a8fe1c36aa3605f6ba4acb79954afc5aff3f44b63de2491944b40ff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74c0d9d35672d2e434356e148574f8dcc511d822cf8bc99b51331019d84317a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93217170802306EBDF119F24EC197E97FB9FF00316F508216FA20A61A0D3B95859CF94
                                                                                                                                                                                                                                                APIs
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 8a831e1e49c872f0ce92cb2af8d97dcfb70ba1f31624919bdd85a73593f20c7d
• Instruction ID: f8002dba41ab0f267e1e6c2dd6844c307dcb8a4fc8f4ed2341b8c6e60a6e59b0
• Opcode Fuzzy Hash: 8a831e1e49c872f0ce92cb2af8d97dcfb70ba1f31624919bdd85a73593f20c7d
• Instruction Fuzzy Hash: 0501F5A1241A09FBD21C92219D86FBB735C9BA23A4F444122FD1BBA341F72CED1082B0
APIs
• GetLastError.KERNEL32(?,?,?,0076F2DE,00773863,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6), ref: 00772DFD
• _free.LIBCMT ref: 00772E32
• _free.LIBCMT ref: 00772E59
• SetLastError.KERNEL32(00000000,00741129), ref: 00772E66
• SetLastError.KERNEL32(00000000,00741129), ref: 00772E6F
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 282a26ec36a7fab1dd7a91e2af018d828cf038d2c0c66be3baca3b1a9475495b
• Instruction ID: 3548594e659b2899bb8c95a2ddb83d7eb5514fdbf64621cc35d94c86dfd1792e
• Opcode Fuzzy Hash: 282a26ec36a7fab1dd7a91e2af018d828cf038d2c0c66be3baca3b1a9475495b
• Instruction Fuzzy Hash: 5901F432205600BBCE1327346C4ED2B266DBBC57E5B24C129F83DA22E3EFAC8C434421
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?,?,007A035E), ref: 007A002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?), ref: 007A0064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0079FF41,80070057,?,?), ref: 007A0070
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: d19e2d3d4436644ca79fd5b791854b2ce1c20caa7437a4d52a26fd58d51a9dd2
• Instruction ID: 3217f0976690e85e0fb22397107705003825099b3464cd411834b3bfed4edd8e
• Opcode Fuzzy Hash: d19e2d3d4436644ca79fd5b791854b2ce1c20caa7437a4d52a26fd58d51a9dd2
• Instruction Fuzzy Hash: 6A01DF76601205BFDB114F68DC08FAB7BBEEB84351F108625F901D6210D778CD00EBA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 007AE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 007AE9A5
• Sleep.KERNEL32(00000000), ref: 007AE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 007AE9B7
• Sleep.KERNEL32 ref: 007AE9F3
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 537517cc9c454c83b5fc71c2e54b85907e0be5c97ff39865ba68da9605efa035
• Instruction ID: 2ceacb55be12da6046ba219f16c621fd383f562b6c0b048addb6b1e82ee7b437
• Opcode Fuzzy Hash: 537517cc9c454c83b5fc71c2e54b85907e0be5c97ff39865ba68da9605efa035
• Instruction Fuzzy Hash: 5E016D72C0162EDBCF00AFE5DC49AEEBB78FF4A301F004646E542B2141DB38A551C766
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007A1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007A0B9B,?,?,?), ref: 007A1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007A114D
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 842720411-0
                                                                                                                                                                                                                                                • Opcode ID: 4164d607fa2596d89fd39ed637875fe790ba689ac2f195803f5f7e3e5432442b
                                                                                                                                                                                                                                                • Instruction ID: b97e359f00e3bff869d3beeb9cbe998c772826392c6442a91a99e3db090f70c6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4164d607fa2596d89fd39ed637875fe790ba689ac2f195803f5f7e3e5432442b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1016D7510121ABFEB124F68DC49A6A3B7EEF86364B104415FA41D3350DA35DC00DA60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 007A0FCA
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 007A0FD6
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 007A0FE5
                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 007A0FEC
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 007A1002
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                • Opcode ID: f7aec0a28a42c1018c5a922aebb1a4cc4fb9753bba794a3466d148dbfbf88cb6
                                                                                                                                                                                                                                                • Instruction ID: ff2043449fb248e745a972f3b6cdabbcc0fbd8ae31de4b0a9e39858ed5c2e1c4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7aec0a28a42c1018c5a922aebb1a4cc4fb9753bba794a3466d148dbfbf88cb6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58F0A975201316EBEB220FA49C4AF573BBDEF8A762F508416FA45C6290CA39DC40CA60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 007A102A
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 007A1036
                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1045
                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 007A104C
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1062
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                • Opcode ID: 620eafd809f846738a0bca95291d010ff814e08801551783effcf241345ff052
                                                                                                                                                                                                                                                • Instruction ID: c33bd2539e3f06760f1043b022bf6ac699de5602f4e9beac6646aeedd09b4720
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 620eafd809f846738a0bca95291d010ff814e08801551783effcf241345ff052
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6F0CD75201316EBEB221FA4EC49F573BBDEF8A761F104416FA45C7290CA79DC40CA60
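The three function summaries above (GetUserObjectSecurity at 007A1114, GetTokenInformation class 2 at 007A0FCA and GetTokenInformation class 3 / TokenIntegrityLevel at 007A102A) share one shape: a probe call with a NULL buffer, GetLastError, GetProcessHeap + HeapAlloc, then the same call again with the allocated buffer. That is the standard size-query-then-fetch idiom for these APIs. For TokenIntegrityLevel the fetched buffer is a TOKEN_MANDATORY_LABEL whose SID has the form S-1-16-RID, and the RID is what tells the caller whether it runs at low, medium, high or system integrity. The C example below is added here by the editor; it is not code from the sample, from AutoIt or from Joe Sandbox. It decodes such a SID from raw bytes so that it compiles and runs outside Windows, the SID byte strings are constructed test inputs rather than data from the memory dump, and the RID constants are the SECURITY_MANDATORY_*_RID values from winnt.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Integrity-level RIDs as defined in winnt.h (SECURITY_MANDATORY_*_RID). */
#define MANDATORY_LOW_RID       0x1000LL
#define MANDATORY_MEDIUM_RID    0x2000LL
#define MANDATORY_HIGH_RID      0x3000LL
#define MANDATORY_SYSTEM_RID    0x4000LL
#define MANDATORY_PROTECTED_RID 0x5000LL

/* Identifier authority used by integrity-label SIDs (S-1-16-...). */
#define MANDATORY_LABEL_AUTHORITY 16u

/* Validate the fixed SID header: revision 1, 1..15 sub-authorities, 6-byte
 * big-endian identifier authority, and enough bytes for all sub-authorities.
 * Returns 0 on success, -1 on a malformed or truncated buffer. */
static int sid_header(const uint8_t *sid, size_t len,
                      uint8_t *count, uint64_t *authority)
{
    if (sid == NULL || len < 8) return -1;
    if (sid[0] != 1 || sid[1] < 1 || sid[1] > 15) return -1;
    if (len < 8 + (size_t)sid[1] * 4) return -1;
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | sid[2 + i];
    *count = sid[1];
    *authority = auth;
    return 0;
}

/* Sub-authorities are stored little-endian after the 8-byte header. */
static uint32_t sid_subauthority(const uint8_t *sid, uint8_t index)
{
    const uint8_t *p = sid + 8 + (size_t)index * 4;
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return the integrity RID (last sub-authority) of a mandatory-label SID,
 * or -1 if the buffer is not a well-formed S-1-16-* SID. */
long long sid_integrity_rid(const uint8_t *sid, size_t len)
{
    uint8_t count; uint64_t authority;
    if (sid_header(sid, len, &count, &authority) != 0) return -1;
    if (authority != MANDATORY_LABEL_AUTHORITY) return -1;
    return (long long)sid_subauthority(sid, (uint8_t)(count - 1));
}

/* Map a RID to its level name using the same range comparisons Windows
 * documents (anything between two thresholds belongs to the lower one,
 * e.g. medium-plus 0x2100 reports as "medium"). */
const char *integrity_name(long long rid)
{
    if (rid < 0) return "invalid";
    if (rid >= MANDATORY_PROTECTED_RID) return "protected";
    if (rid >= MANDATORY_SYSTEM_RID)    return "system";
    if (rid >= MANDATORY_HIGH_RID)      return "high";
    if (rid >= MANDATORY_MEDIUM_RID)    return "medium";
    if (rid >= MANDATORY_LOW_RID)       return "low";
    return "untrusted";
}

/* Render any SID as the familiar "S-1-<auth>-<sub>-..." string.
 * Returns 0 on success, -1 if the SID is malformed or out is too small. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    uint8_t count; uint64_t authority;
    if (sid_header(sid, len, &count, &authority) != 0) return -1;
    int n = snprintf(out, outlen, "S-1-%llu", (unsigned long long)authority);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t pos = (size_t)n;
    for (uint8_t i = 0; i < count; i++) {
        n = snprintf(out + pos, outlen - pos, "-%u",
                     (unsigned)sid_subauthority(sid, i));
        if (n < 0 || (size_t)n >= outlen - pos) return -1;
        pos += (size_t)n;
    }
    return 0;
}

/* Constructed test inputs (not taken from the sample's memory dump). */
static const uint8_t SID_HIGH[]   = {1,1, 0,0,0,0,0,16, 0x00,0x30,0,0};          /* S-1-16-12288 */
static const uint8_t SID_MEDIUM[] = {1,1, 0,0,0,0,0,16, 0x00,0x20,0,0};          /* S-1-16-8192  */
static const uint8_t SID_ADMINS[] = {1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0}; /* S-1-5-32-544 */

int main(void)
{
    char buf[64];
    const uint8_t *sids[] = { SID_HIGH, SID_MEDIUM, SID_ADMINS };
    size_t lens[] = { sizeof SID_HIGH, sizeof SID_MEDIUM, sizeof SID_ADMINS };
    for (size_t i = 0; i < 3; i++) {
        long long rid = sid_integrity_rid(sids[i], lens[i]);
        if (sid_to_string(sids[i], lens[i], buf, sizeof buf) != 0) strcpy(buf, "<malformed>");
        printf("%-16s rid=%lld level=%s\n", buf, rid, integrity_name(rid));
    }
    return 0;
}
```

On a live system the buffer filled by the second GetTokenInformation call is a TOKEN_MANDATORY_LABEL whose Label.Sid pointer refers into that same buffer; pass those SID bytes to sid_integrity_rid to get the value the sample would be comparing against. A non-label SID such as S-1-5-32-544 deliberately yields -1 so an analyst does not mistake a group SID for an integrity level.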
APIs
• CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0324
• CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0331
• CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B033E
• CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B034B
• CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0358
• CloseHandle.KERNEL32(?,?,?,?,007B017D,?,007B32FC,?,00000001,00782592,?), ref: 007B0365
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 3c0c8f9e84de68fb2a7aecccae44d5942b09bc1fc27f156c183cb94d61512b8c
• Instruction ID: 759fa0aee292b585a9696192296795218aa0f7850137695c3b0f907035f16ac6
• Opcode Fuzzy Hash: 3c0c8f9e84de68fb2a7aecccae44d5942b09bc1fc27f156c183cb94d61512b8c
• Instruction Fuzzy Hash: E601EA72800B058FCB30AF66D880943FBF9BF603053058A3FD19292930C3B4A988CF80
APIs
• _free.LIBCMT ref: 0077D752
  • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
  • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
• _free.LIBCMT ref: 0077D764
• _free.LIBCMT ref: 0077D776
• _free.LIBCMT ref: 0077D788
• _free.LIBCMT ref: 0077D79A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 3097815084800923b136f385861c2ddcce47ced44a33bccf2525232154dec850
• Instruction ID: 1455430f524fee466a417442c4d8afb472b65c396341b9ba0b40c6946ce8e1ea
• Opcode Fuzzy Hash: 3097815084800923b136f385861c2ddcce47ced44a33bccf2525232154dec850
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ACF04F32500304ABCA75EB78F9C5C16BBEDBF44390B988805F15CE7512C728FC818EA4
APIs
• GetDlgItem.USER32(?,000003E9), ref: 007A5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 007A5C6F
• MessageBeep.USER32(00000000), ref: 007A5C87
• KillTimer.USER32(?,0000040A), ref: 007A5CA3
• EndDialog.USER32(?,00000001), ref: 007A5CBD
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 1fcbb4a2a2cc798271cbdaf3967bcbbc1cf9806aa33fda7b2169a911b85af3b7
• Instruction ID: 2c7ddde5a6f419646ca24140c5ee7cb6e5b572622b25dcc5e70e8ef03b7342e8
• Opcode Fuzzy Hash: 1fcbb4a2a2cc798271cbdaf3967bcbbc1cf9806aa33fda7b2169a911b85af3b7
• Instruction Fuzzy Hash: 4801F930500B05ABEB215B10ED4EFA677B8FF01B06F00175AB583A10E0DBFCA984CBA4
APIs
• _free.LIBCMT ref: 007722BE
  • Part of subcall function 007729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000), ref: 007729DE
  • Part of subcall function 007729C8: GetLastError.KERNEL32(00000000,?,0077D7D1,00000000,00000000,00000000,00000000,?,0077D7F8,00000000,00000007,00000000,?,0077DBF5,00000000,00000000), ref: 007729F0
• _free.LIBCMT ref: 007722D0
• _free.LIBCMT ref: 007722E3
• _free.LIBCMT ref: 007722F4
• _free.LIBCMT ref: 00772305
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 3f35b0debfff047c225e0ee25a0d46d304b781361e9c10dfa1216c940a86cbe5
• Instruction ID: 30f06fd6db1b0a8b3af15ce1752853e6d78ca81def0e3b099570e934b85de955
• Opcode Fuzzy Hash: 3f35b0debfff047c225e0ee25a0d46d304b781361e9c10dfa1216c940a86cbe5
• Instruction Fuzzy Hash: 9FF03070401210CBCF52AF64BC06C887B68FB19790B06C61AF528E22B6CB7914939FA4
APIs
• EndPath.GDI32(?), ref: 007595D4
• StrokeAndFillPath.GDI32(?,?,007971F7,00000000,?,?,?), ref: 007595F0
• SelectObject.GDI32(?,00000000), ref: 00759603
• DeleteObject.GDI32 ref: 00759616
• StrokePath.GDI32(?), ref: 00759631
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 62f74fb92eee5f9ada9d574ffa98d1e40830e9a0ddfb8b89d3ffff9b2bad9a91
• Instruction ID: 9474e68ded18dadbb54fa95e2ecefff75a2a1b4a2477812aabd17f51ccd966d1
• Opcode Fuzzy Hash: 62f74fb92eee5f9ada9d574ffa98d1e40830e9a0ddfb8b89d3ffff9b2bad9a91
• Instruction Fuzzy Hash: 9FF0F270006209EBDF225F69ED1CBE43F69BB00322F44C215EA25590F0D77989AADF24
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 979f411205de50a66f7eb3f861f11e7181bf1344811ca6c711068633371564ae
• Instruction ID: 73d678c665082ca72671c1001f5c0918f88ae403486ba73cc6d5010564fdcc4d
• Opcode Fuzzy Hash: 979f411205de50a66f7eb3f861f11e7181bf1344811ca6c711068633371564ae
• Instruction Fuzzy Hash: 9DD1F231A00206CADF249F6CC895BFAB7B5FF06780FA4C159E909AB651D33D9D80CB91
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID: JOt
• API String ID: 0-2730833899
• Opcode ID: 2368cf1b69f49d16f96b4efa2f0431cc9e5e706d1d21b33b60b57e42d15c1542
                                                                                                                                                                                                                                                • Instruction ID: 88870eb949c92c73197188597a3102ad8527542eb07841fa520d13bd3fc58987
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2368cf1b69f49d16f96b4efa2f0431cc9e5e706d1d21b33b60b57e42d15c1542
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 405191B1D0060ADFDF129FA4C849FFE7BB8AF05390F14815AF809A7291D7B99901CB61
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00778B6E
• GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00778B7A
• __dosmaperr.LIBCMT ref: 00778B81
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .v
• API String ID: 2434981716-281053895
• Opcode ID: 7d99d7f347040ff834a37369636df34163ce22b99e685c29e9eec8dc68091931
• Instruction ID: d2f5197e6ac244f8c2ffd0b970a7d5d7d4e68230f36633108c6693ebe77638a1
• Opcode Fuzzy Hash: 7d99d7f347040ff834a37369636df34163ce22b99e685c29e9eec8dc68091931
• Instruction Fuzzy Hash: C1417CF0604145AFCF659F24CC89A7D7FA5EF85380F29C1AAF85D87652DE398C028792
APIs
  • Part of subcall function 007AB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007A21D0,?,?,00000034,00000800,?,00000034), ref: 007AB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 007A2760
  • Part of subcall function 007AB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007A21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 007AB3F8
  • Part of subcall function 007AB32A: GetWindowThreadProcessId.USER32(?,?), ref: 007AB355
  • Part of subcall function 007AB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,007A2194,00000034,?,?,00001004,00000000,00000000), ref: 007AB365
  • Part of subcall function 007AB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,007A2194,00000034,?,?,00001004,00000000,00000000), ref: 007AB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007A27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007A281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: f3273c32e07c3a946341f18964239f183a0bc97968e3af57b16c234b5aa596cd
• Instruction ID: e024263b373b5a4046ae13aafc902b54dec3f086bf06573023cac8664e0d8a68
• Opcode Fuzzy Hash: f3273c32e07c3a946341f18964239f183a0bc97968e3af57b16c234b5aa596cd
• Instruction Fuzzy Hash: 3B414C72900218AFDB10DFA8CD45AEEBBB8EF4A300F008195FA55B7181DB746F45CBA0
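Analyst note on the API chain in the record above. OpenProcess is called with desired access 0x438, which is PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION; VirtualAllocEx(MEM_COMMIT, PAGE_READWRITE) then carves a buffer in the target, WriteProcessMemory fills it, and SendMessageW delivers 0x1104 (TVM_GETITEMRECT) and 0x1111 (TVM_HITTEST), both of which take an lParam pointer that must be valid inside the receiving process; the 0x1073 in the ReadProcessMemory subcall is LVM_GETITEMTEXTW and 0x1004 is LVM_GETITEMCOUNT. That is the standard way to drive a tree-view or list-view control owned by another process, and it is consistent with the report's verdict that the binary is a compiled AutoIt script, whose runtime automates controls this way. The caveat is that the same first three calls are also the front half of process injection; this record shows no remote thread or APC creation, so on its own it is control automation, not injection. The helper below is an added example (my code, not Joe Sandbox's and not the sample's) that parses lines in the format of these records, decodes the access mask and message ids, and flags the chain. Its constant tables cover only the rights and messages seen here, and the sample input is copied from the listing above.

```python
"""Added triage helper for API listings in the format of the records above.
This is my code, not Joe Sandbox's and not the sample's. It parses
"Name.MODULE(args), ref: addr" lines, decodes the OpenProcess access mask and
the tree-view/list-view message ids seen in this report, and flags the
remote-buffer + window-message chain."""
import re
from dataclasses import dataclass

# Process access rights (winnt.h); only the bits relevant here are listed.
PROCESS_ACCESS = {
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
}
# Common-control messages (commctrl.h) that appear in this record.
TV_FIRST, LVM_FIRST = 0x1100, 0x1000
MSG_NAMES = {
    TV_FIRST + 4: "TVM_GETITEMRECT",
    TV_FIRST + 17: "TVM_HITTEST",
    LVM_FIRST + 4: "LVM_GETITEMCOUNT",
    LVM_FIRST + 115: "LVM_GETITEMTEXTW",
}
# Messages whose lParam is a pointer (RECT*, TVHITTESTINFO*, LVITEMW*) that must
# lie inside the receiving process; hence VirtualAllocEx + WriteProcessMemory first.
POINTER_MSGS = {TV_FIRST + 4, TV_FIRST + 17, LVM_FIRST + 115}

CALL_RE = re.compile(r"(\w+)\.(\w+)\(([^)]*)\)")
REF_RE = re.compile(r"ref: ([0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list  # ints; None for '?' (unresolved) or non-numeric arguments
    ref: str    # call-site address from the "ref:" field, "" if absent


def parse_calls(text):
    """One ApiCall per line containing a Name.MODULE(...) call; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue
        args = []
        for a in m.group(3).split(","):
            a = a.strip()
            args.append(int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None)
        r = REF_RE.search(line)
        calls.append(ApiCall(m.group(1), m.group(2), args, r.group(1) if r else ""))
    return calls


def decode_access(mask):
    """Names of the known rights set in an OpenProcess desired-access mask."""
    return [name for bit, name in PROCESS_ACCESS.items() if mask & bit]


def flag_cross_process_messaging(calls):
    """Flag OpenProcess(VM_WRITE), VirtualAllocEx, WriteProcessMemory and a
    SendMessageW carrying a pointer-bearing message. This is the shape of
    cross-process control automation; by itself it is not code injection
    (no remote thread or APC is created anywhere in this chain)."""
    findings = []
    for c in calls:
        if c.name == "OpenProcess" and c.args and c.args[0] is not None:
            rights = decode_access(c.args[0])
            if "PROCESS_VM_WRITE" in rights:
                findings.append(f"OpenProcess 0x{c.args[0]:X} = {'|'.join(rights)} at {c.ref}")
        if c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] in POINTER_MSGS:
            findings.append(f"SendMessageW {MSG_NAMES[c.args[1]]} (0x{c.args[1]:X}) at {c.ref}: "
                            "lParam must point into the target process")
    seen = {c.name for c in calls}
    needed = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "SendMessageW"}
    if needed <= seen and any(f.startswith("SendMessageW") for f in findings):
        findings.append("pattern: buffer written into the target with WriteProcessMemory "
                        "and passed to a pointer-bearing window message"
                        + (" (result read back via ReadProcessMemory)"
                           if "ReadProcessMemory" in seen else ""))
    return findings


# Constructed input: the eight API lines copied from the function record above.
SAMPLE = """\
  • Part of subcall function 007AB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007A21D0,?,?,00000034,00000800,?,00000034), ref: 007AB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 007A2760
  • Part of subcall function 007AB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007A21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 007AB3F8
  • Part of subcall function 007AB32A: GetWindowThreadProcessId.USER32(?,?), ref: 007AB355
  • Part of subcall function 007AB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,007A2194,00000034,?,?,00001004,00000000,00000000), ref: 007AB365
  • Part of subcall function 007AB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,007A2194,00000034,?,?,00001004,00000000,00000000), ref: 007AB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007A27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007A281A
"""

if __name__ == "__main__":
    for finding in flag_cross_process_messaging(parse_calls(SAMPLE)):
        print(finding)
```

Run it as a script to print the findings for the record above, or feed it the API lines of any other record from this report; records without OpenProcess/VirtualAllocEx/WriteProcessMemory (such as the GetModuleFileNameW or menu records that follow) produce no findings.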
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\XlKQ797V2E.exe,00000104), ref: 00771769
• _free.LIBCMT ref: 00771834
• _free.LIBCMT ref: 0077183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\XlKQ797V2E.exe
• API String ID: 2506810119-2944988963
• Opcode ID: 891a6cc635bbafe4fd517e19980a32f10e85574b9c8dbfc5168f47fb8cfd5835
• Instruction ID: 513abfdf1ea1b0aad4c596e0cde7c11938d7654aa020dfce1e9fb587e92a1a41
• Opcode Fuzzy Hash: 891a6cc635bbafe4fd517e19980a32f10e85574b9c8dbfc5168f47fb8cfd5835
• Instruction Fuzzy Hash: A2318071A00218EFDF25DF99D889D9EBBFCEF853A0B548166F908D7211D6748E40CB91
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 007AC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 007AC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00811990,01645EF8), ref: 007AC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 7f35a8cbee277c305c4559f9e6eb3d11a39bbbc27451f7393d203875daeff6ff
• Instruction ID: 22a8077b945bbb56e4ca3cf12cfa181966f769defa5991b2ae2535ec1739802e
• Opcode Fuzzy Hash: 7f35a8cbee277c305c4559f9e6eb3d11a39bbbc27451f7393d203875daeff6ff
• Instruction Fuzzy Hash: 0A41A031208301EFDB21DF25D845B1ABBE8AFC6310F10871DF9A5972D1D778A904CB62
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,007DCC08,00000000,?,?,?,?), ref: 007D44AA
• GetWindowLongW.USER32 ref: 007D44C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D44D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: f0534adc80bdaae187486e10a603a5622cd3615e7dfd0d6d8077f1a01b930b24
• Instruction ID: 7c4ec0bce6d79276b0a36e8bcc9d1d6dd163e53af70b197d895446288afa9231
• Opcode Fuzzy Hash: f0534adc80bdaae187486e10a603a5622cd3615e7dfd0d6d8077f1a01b930b24
• Instruction Fuzzy Hash: 99317E71210246AFDF219E38DC49BDA7BB9EB08324F204716F979A22D0D778EC909750
APIs
• SysReAllocString.OLEAUT32(?,?), ref: 007A6EED
• VariantCopyInd.OLEAUT32(?,?), ref: 007A6F08
• VariantClear.OLEAUT32(?), ref: 007A6F12
Strings
Similarity
• API ID: Variant$AllocClearCopyString
• String ID: *jz
• API String ID: 2173805711-3847815467
• Opcode ID: 9b72d465e0aab18a7848442dd9846e71852e7b11c613af2c8e23cb92b2cb4992
• Instruction ID: 74004a3dfbe1d3d75cf2a3c1e257e2a0213ae733d15418e45a9c72a42385d20b
• Opcode Fuzzy Hash: 9b72d465e0aab18a7848442dd9846e71852e7b11c613af2c8e23cb92b2cb4992
• Instruction Fuzzy Hash: F631D171608245DFCB05AFA4E8559BD77B6FF86701B140598F8025B2A1C73CDD12CBD0
APIs
  • Part of subcall function 007C335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,007C3077,?,?), ref: 007C3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007C307A
• _wcslen.LIBCMT ref: 007C309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 007C3106
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 97ec538732b0b168e2994c14fca7a2c6adb3ec6936052ba365ad0000863967fa
• Instruction ID: c29623988ee9592fd40dfe749213228275edeebcdbe86538341dee5f56e31c80
• Opcode Fuzzy Hash: 97ec538732b0b168e2994c14fca7a2c6adb3ec6936052ba365ad0000863967fa
• Instruction Fuzzy Hash: D231AE36200205DFDB10CF68C485FAA77A1EF14318F28C15DE9168B392DB3AEE85C761
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 007D3F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 007D3F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 007D3F78
Strings
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: 805d78df0772c25faa8574d8c1224525e825b9438a34710473bd2d30e311cefc
• Instruction ID: 0c48ed72f0b3a4faf2b32e810789db17d48fbee65ba245a7307b575c59e618a4
• Opcode Fuzzy Hash: 805d78df0772c25faa8574d8c1224525e825b9438a34710473bd2d30e311cefc
• Instruction Fuzzy Hash: 54219C32610219BFDF229F50DC46FEA3B79EF48714F110215FA15AB2D0D6B9AD50CBA0
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 007D4705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 007D4713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007D471A
Strings
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: e7e5d6c09e271c4ace0d3b2be6ca8ca3a52f1064f2e4afe47b58b03087bd2ad4
• Instruction ID: 0b31db7530e5530ca1213e0cc228e3c8ce54734fdd3e81256fd63bc4f6dd1440
• Opcode Fuzzy Hash: e7e5d6c09e271c4ace0d3b2be6ca8ca3a52f1064f2e4afe47b58b03087bd2ad4
• Instruction Fuzzy Hash: 5D214AB5600209AFDB11DF64DCC5DA637BDEF4A3A4B04005AFA109B3A1CB35EC11CA60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                • Opcode ID: a47c6d80c691519f2a192cc2c08ed76e88e157261580369bd208434bbec9e55d
                                                                                                                                                                                                                                                • Instruction ID: b809500d0e7a131d7fc5238420a24027b0d30184f80cf2caab0a59d876ef0e6d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a47c6d80c691519f2a192cc2c08ed76e88e157261580369bd208434bbec9e55d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44215B72504610A6D331AB249C07FB773E89FD2300F504526FB5A97181EB5DAD71C2D6
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 007D3840
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 007D3850
                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 007D3876
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                • String ID: Listbox
                                                                                                                                                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                • Opcode ID: a73e891e2b33a3eaacf2850b68be07b6e4bd33e7e8f6773d48120b3dcd94399b
                                                                                                                                                                                                                                                • Instruction ID: 4a0dc686c078d4163c27ae613809565e4fc10a366f7ac3a056bf7ce94b91a4e5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a73e891e2b33a3eaacf2850b68be07b6e4bd33e7e8f6773d48120b3dcd94399b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B321C272610119BBEF119F54CC85FBB377EEF89760F108126F9049B290C679DC5197A1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 007B4A08
                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 007B4A5C
                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,007DCC08), ref: 007B4AD0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                • String ID: %lu
                                                                                                                                                                                                                                                • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                • Opcode ID: 9df0a5875644cce05b6b4bd08894628b30905249ba439c3c345da358a5815a85
                                                                                                                                                                                                                                                • Instruction ID: 69d33da4bd465a1263df679169e062e8b58967a4fa5eb369c8d5271ee266d80d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9df0a5875644cce05b6b4bd08894628b30905249ba439c3c345da358a5815a85
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76314F71A00119EFD711DF64C985EAA77F8EF04304F148095E909DB252D779ED45CB61
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 007D424F
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 007D4264
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 007D4271
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                • Opcode ID: 565f2c7eea64219af03f9704e89cf8523ef6e0c8b5fbd9dab54665cb20307b44
                                                                                                                                                                                                                                                • Instruction ID: 0b9d8cf0fe6b32860f184266a61cfd59bec4914297dbc5a5292a21189db91199
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 565f2c7eea64219af03f9704e89cf8523ef6e0c8b5fbd9dab54665cb20307b44
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7111E031240208BFEF205F28CC06FAB3BBCFF95B64F114125FA55E21A0D676E8119B20
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00746B57: _wcslen.LIBCMT ref: 00746B6A
                                                                                                                                                                                                                                                  • Part of subcall function 007A2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007A2DC5
                                                                                                                                                                                                                                                  • Part of subcall function 007A2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A2DD6
                                                                                                                                                                                                                                                  • Part of subcall function 007A2DA7: GetCurrentThreadId.KERNEL32 ref: 007A2DDD
                                                                                                                                                                                                                                                  • Part of subcall function 007A2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007A2DE4
• GetFocus.USER32 ref: 007A2F78
  • Part of subcall function 007A2DEE: GetParent.USER32(00000000), ref: 007A2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 007A2FC3
• EnumChildWindows.USER32(?,007A303B), ref: 007A2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: e5b16ebf49b849738fd153d731e64e9a38f54ad7541077a8f1c9f21d3020b5ee
• Instruction ID: b2aeed525a3989af3ff1078ae1ed11a7694d75e55d3e8b7a76e4f4cb3dd1e504
• Opcode Fuzzy Hash: e5b16ebf49b849738fd153d731e64e9a38f54ad7541077a8f1c9f21d3020b5ee
• Instruction Fuzzy Hash: 131190B1700205ABDF556F648C89EEE376AAFC5304F048175FD099B293DE78994ACB60
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007D58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007D58EE
• DrawMenuBar.USER32(?), ref: 007D58FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 811fb82591de6d7cbce476e6b0454c9c93bd8058044d5dcb1d598ec937b3e4c7
• Instruction ID: d4209ed2daebe14e05d1f790d9f352b936cb99abfd9903546ae41d2a25dfa3e4
• Opcode Fuzzy Hash: 811fb82591de6d7cbce476e6b0454c9c93bd8058044d5dcb1d598ec937b3e4c7
• Instruction Fuzzy Hash: 7B018031500218EFDB219F15EC49FEEBBB8FF45361F10809AE849D6251DB789A94DF21
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 671541ddcf0052f045a38d30e1ba626b09a313f56bc8fa6a082ef07a249fdf20
• Instruction ID: f7b207309db768b048334812eac3f90c0b0d8a1aec763923fd7a61bc9fceaf3b
• Opcode Fuzzy Hash: 671541ddcf0052f045a38d30e1ba626b09a313f56bc8fa6a082ef07a249fdf20
• Instruction Fuzzy Hash: 51C15C75A0020AEFDB14CFA4C898BAEB7B5FF89314F108A98E505EB251D735ED41DB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: 307e4dd7ff89f0e63062a7f74dddee20050b21728f8b3ab2c67df2012d4236a2
• Instruction ID: d72868451f3df59d116dcc85364102ad6dc281ac1cde5b73f10c37d00ae1aa24
• Opcode Fuzzy Hash: 307e4dd7ff89f0e63062a7f74dddee20050b21728f8b3ab2c67df2012d4236a2
• Instruction Fuzzy Hash: 57A11575604210DFC714DF28C489E6AB7E5EF88714F04885DF98A9B362DB38EE05CB91
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,007DFC08,?), ref: 007A05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,007DFC08,?), ref: 007A0608
• CLSIDFromProgID.OLE32(?,?,00000000,007DCC40,000000FF,?,00000000,00000800,00000000,?,007DFC08,?), ref: 007A062D
• _memcmp.LIBVCRUNTIME ref: 007A064E
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: dd507e1e002e2112355a3ffbb3368a929448bb1a5c3d14634ebaf333e8acafe2
• Instruction ID: 29085608a1d9e04d3db2fd81015ee92439a7f478f1516cef158177f65c5d57d1
• Opcode Fuzzy Hash: dd507e1e002e2112355a3ffbb3368a929448bb1a5c3d14634ebaf333e8acafe2
• Instruction Fuzzy Hash: D9811C71A00109EFCB04DF94C988EEEB7B9FF89315F204559F506AB250DB75AE06CBA0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 007CA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 007CA6BA
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• Process32NextW.KERNEL32(00000000,?), ref: 007CA79C
• CloseHandle.KERNEL32(00000000), ref: 007CA7AB
  • Part of subcall function 0075CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00783303,?), ref: 0075CE8A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
                                                                                                                                                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1991900642-0
                                                                                                                                                                                                                                                • Opcode ID: f5122c19ad5411d137a87700f018db696ffbe23021fc4f522281e15cf5f53128
                                                                                                                                                                                                                                                • Instruction ID: 9f8f369180f348a0ab57c367386d14cfc51f8160d31fbff6c1bf9b6a26dcf65e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5122c19ad5411d137a87700f018db696ffbe23021fc4f522281e15cf5f53128
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0513A71508301AFD310DF24C88AA6BBBE8FF89754F00891DF58597252EB78D904CB92
APIs
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 4a8ded83c8951456218e955a98c2eb8c1381fa8f5ece508a8e86713f0184fa31
• Instruction ID: 4d91c2770f98113c7de1e10856b7897ca488a03dfd479b996e9e358a77976b55
• Opcode Fuzzy Hash: 4a8ded83c8951456218e955a98c2eb8c1381fa8f5ece508a8e86713f0184fa31
• Instruction Fuzzy Hash: 0B410831A80141EBDF217BB99C49AAE3AACFF45370F544226F81DD6192E67C48429761
APIs
• GetWindowRect.USER32(?,?), ref: 007D62E2
• ScreenToClient.USER32(?,?), ref: 007D6315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 007D6382
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 4f628a72c9bb6d6bddda5b731deb4031a79a8cebe6712f73f11764f1274f3823
• Instruction ID: fac899b1b4cb2e81c512c621b1781ae7c176b6da18a7a9bc526a00dc60ee1d2d
• Opcode Fuzzy Hash: 4f628a72c9bb6d6bddda5b731deb4031a79a8cebe6712f73f11764f1274f3823
• Instruction Fuzzy Hash: 77510775A00209AFDF10DF68D8849AE7BB6FF55360F14825AF9259B390D734AD81CB90
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 007C1AFD
• WSAGetLastError.WSOCK32 ref: 007C1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007C1B8A
• WSAGetLastError.WSOCK32 ref: 007C1B94
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: 6a9299de9e0e956b3a523a15f87ec71be28090f040e351723985e76a0157f632
• Instruction ID: 00c7610d601082e0d469292b2fd1b77136d22da6f0a075317e9e0b1acffbcdbe
• Opcode Fuzzy Hash: 6a9299de9e0e956b3a523a15f87ec71be28090f040e351723985e76a0157f632
• Instruction Fuzzy Hash: 7141BF74600201AFE720AF24C88AF2977E5AB45718F94849CF91A9F3D3D77ADD42CB90
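The API lines in these records print their arguments as raw hex immediates and show imports by ordinal ("#21.WSOCK32"), so the security-relevant reading is easy to miss: the record above creates an IPv4 UDP socket and then sets SO_BROADCAST on it, and the Process32NextW record further up compares process names case-insensitively inside the snapshot loop. The following decoder is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in the report's "Name.MODULE(args), ref: ADDR" shape and substitutes symbolic names for the constants it recognises. The constant tables are taken from the public winsock2.h / winnls.h headers and the wsock32.dll export ordinals (ordinal 21 is setsockopt, 23 is socket); the SAMPLE lines are copied from this report's records, and decode_line / decode_report are names chosen for the example.

```python
import re

# One "APIs" line of a Joe Sandbox function record, optionally prefixed with
# "Part of subcall function <addr>: ". Accepted shapes:
#   socket.WSOCK32(00000002,00000002,00000011), ref: 007C1AFD
#   WSAGetLastError.WSOCK32 ref: 007C1B0B
API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+): )?"
    r"(?P<name>#?\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Import-by-ordinal names ("#21") resolved via the wsock32.dll export table.
# Only valid for that module; other DLLs number their exports differently.
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 7: "getsockopt",
    12: "ioctlsocket", 13: "listen", 16: "recv", 17: "recvfrom", 19: "send",
    20: "sendto", 21: "setsockopt", 22: "shutdown", 23: "socket",
}
# Constants from winsock2.h / winnls.h.
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "IPPROTO_DEFAULT", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL_LEVEL = {0xFFFF: "SOL_SOCKET", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL_SOCKET_OPTS = {0x4: "SO_REUSEADDR", 0x8: "SO_KEEPALIVE", 0x20: "SO_BROADCAST",
                   0x1005: "SO_SNDTIMEO", 0x1006: "SO_RCVTIMEO"}
NORM_FLAGS = {0x1: "NORM_IGNORECASE", 0x2: "NORM_IGNORENONSPACE", 0x4: "NORM_IGNORESYMBOLS"}
LCID = {0x0400: "LOCALE_USER_DEFAULT", 0x0409: "en-US", 0x0800: "LOCALE_SYSTEM_DEFAULT"}


def _parse_args(raw):
    """'00000002,?,0000FFFF' -> [2, None, 0xFFFF]; '?' is unresolved by the static pass."""
    if not raw or not raw.strip():
        return []
    return [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]


def _decode_args(name, args):
    """Render each argument symbolically where the API and the constant are known."""
    out = ["?" if a is None else f"0x{a:X}" for a in args]
    if name == "socket" and len(args) >= 3:
        out[0] = AF.get(args[0], out[0])
        out[1] = SOCK_TYPE.get(args[1], out[1])
        out[2] = PROTO.get(args[2], out[2])
    elif name == "setsockopt" and len(args) >= 3:
        out[1] = SOL_LEVEL.get(args[1], out[1])
        if args[1] == 0xFFFF:  # optname values are only meaningful per level
            out[2] = SOL_SOCKET_OPTS.get(args[2], out[2])
    elif name == "CompareStringW" and len(args) >= 2:
        out[0] = LCID.get(args[0], out[0])
        if args[1] is not None:
            out[1] = "|".join(n for bit, n in NORM_FLAGS.items() if args[1] & bit) or out[1]
    return out


def decode_line(line):
    """Parse one report line; returns None for non-API lines (headers, hashes)."""
    m = API_LINE.match(line.strip().lstrip("• ").strip())
    if not m:
        return None
    name, module, ordinal = m["name"], m["module"], None
    if name.startswith("#"):
        ordinal = int(name[1:])
        if module.upper() == "WSOCK32":
            name = WSOCK32_ORDINALS.get(ordinal, name)
    args = _parse_args(m["args"])
    return {"ref": m["ref"].upper(), "name": name, "module": module, "ordinal": ordinal,
            "args": args, "symbolic": _decode_args(name, args), "subcall_of": m["parent"]}


def render(rec):
    tail = f"  [ordinal #{rec['ordinal']}]" if rec["ordinal"] is not None else ""
    sub = f"  (inside subcall {rec['subcall_of']})" if rec["subcall_of"] else ""
    return f"{rec['ref']} {rec['name']}.{rec['module']}({', '.join(rec['symbolic'])}){tail}{sub}"


def decode_report(lines):
    return [render(r) for r in map(decode_line, lines) if r is not None]


# Constructed sample: API lines copied from two function records of this report.
SAMPLE = """APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 007C1AFD
• WSAGetLastError.WSOCK32 ref: 007C1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007C1B8A
• WSAGetLastError.WSOCK32 ref: 007C1B94
• Process32NextW.KERNEL32(00000000,?), ref: 007CA79C
• CloseHandle.KERNEL32(00000000), ref: 007CA7AB
  • Part of subcall function 0075CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00783303,?), ref: 0075CE8A
Memory Dump Source""".splitlines()

if __name__ == "__main__":
    for row in decode_report(SAMPLE):
        print(row)
```

Run against the sample, the socket record decodes to `socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)` followed by `setsockopt(?, SOL_SOCKET, SO_BROADCAST, 0x2, 0x4)`, i.e. a UDP socket explicitly permitted to send to broadcast addresses, and the CompareStringW call decodes to an en-US, NORM_IGNORECASE comparison, which is what a process-name check inside a Toolhelp32 loop looks like. Two caveats: the ordinal table applies only to the module named on the line, and an argument printed as `?` is one the static pass could not resolve, so a decoded name is a reading of the immediates the report shows, not proof of what was passed at run time.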
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b763ef3f73092aee874dac04e58a7206c27fb5a2158ee15d03f048d659b31aa1
• Instruction ID: 576027c552a210d0a84285c1ba1865599235d54857d9c44322f192eed53c1b8e
• Opcode Fuzzy Hash: b763ef3f73092aee874dac04e58a7206c27fb5a2158ee15d03f048d659b31aa1
• Instruction Fuzzy Hash: 66411B71A00344FFDB249F38CC45B6A7BF9EB88750F10852AF559DB282D779A9118780
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007B5783
• GetLastError.KERNEL32(?,00000000), ref: 007B57A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007B57CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007B57FA
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 454ab5b04dc5346a3f3074669d47267b16f52f37f85de54d564b4cd36af986ee
• Instruction ID: a36fbbfefaf5ee56bc04a3ef12cc6ec7bca260436b761b2b0cf9728b0f8621eb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 454ab5b04dc5346a3f3074669d47267b16f52f37f85de54d564b4cd36af986ee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F410A35600611DFCB15DF15C548A5ABBE2EF89320B198888E84AAF362CB39FD40CB91
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,00766D71,00000000,00000000,007682D9,?,007682D9,?,00000001,00766D71,?,00000001,007682D9,007682D9), ref: 0077D910
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0077D999
                                                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0077D9AB
                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 0077D9B4
                                                                                                                                                                                                                                                  • Part of subcall function 00773820: RtlAllocateHeap.NTDLL(00000000,?,00811444,?,0075FDF5,?,?,0074A976,00000010,00811440,007413FC,?,007413C6,?,00741129), ref: 00773852
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2652629310-0
                                                                                                                                                                                                                                                • Opcode ID: 5993e248ba32aa98e062d7834bb5268e7974f221514ca14ba2f9b31a555f6890
                                                                                                                                                                                                                                                • Instruction ID: c5195fbb12912e8a5c4b1e16a6d7a04b047ed11f503e5ffa7ddfa2a0e8caed62
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5993e248ba32aa98e062d7834bb5268e7974f221514ca14ba2f9b31a555f6890
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC31DE72A0021AABDF259F64DC45EAE7BB5EF41350F058268FD09D7250EB39ED50CBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 007D5352
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 007D5375
                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007D5382
                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007D53A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3340791633-0
                                                                                                                                                                                                                                                • Opcode ID: 7ee7e5868fc6da0c011d88d1dff7c0467dea21d069e12c7bc8f843eaa5e166a4
                                                                                                                                                                                                                                                • Instruction ID: 380052fd31513468edcbbd46fd7dd65ce206be25b04374f32d06f28c2c1c90d8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ee7e5868fc6da0c011d88d1dff7c0467dea21d069e12c7bc8f843eaa5e166a4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7331A134A55A08EFEF359E14CC4ABE87B76AB05398F584103FA11963E1C7BC9D90DB41
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 007AABF1
                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 007AAC0D
                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 007AAC74
                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 007AACC6
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 432972143-0
                                                                                                                                                                                                                                                • Opcode ID: 9b2efd315ec23bdb85443b1e8eb7173136b119c612cccbb50dc86879bfb5de87
                                                                                                                                                                                                                                                • Instruction ID: 1afde51ca00a3716ef76676ff91f496d465d18cb1bbb0d919ee5a46729829d25
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b2efd315ec23bdb85443b1e8eb7173136b119c612cccbb50dc86879bfb5de87
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7731F630A44618BFFF258B6588087FA7BA6ABC6330F04831AE485921D1D37D8995D772
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 007D769A
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 007D7710
                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,007D8B89), ref: 007D7720
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 007D778C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1352109105-0
                                                                                                                                                                                                                                                • Opcode ID: 9327ebfdcef67345a1b40385d2b9d7cbd2544498b59db39441018a43968df4ac
                                                                                                                                                                                                                                                • Instruction ID: 3bfd11d378282b36067c4a6acf503659c17ccbb0a2d46bfa4c52813f2cb935fc
• Opcode Fuzzy Hash: 9327ebfdcef67345a1b40385d2b9d7cbd2544498b59db39441018a43968df4ac
• Instruction Fuzzy Hash: 7541B134A09215DFCB05CF68C898EA9BBF4FF48320F5485AAE5249B361E334E941CF90
APIs
• GetForegroundWindow.USER32 ref: 007D16EB
  • Part of subcall function 007A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A3A57
  • Part of subcall function 007A3A3D: GetCurrentThreadId.KERNEL32 ref: 007A3A5E
  • Part of subcall function 007A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007A25B3), ref: 007A3A65
• GetCaretPos.USER32(?), ref: 007D16FF
• ClientToScreen.USER32(00000000,?), ref: 007D174C
• GetForegroundWindow.USER32 ref: 007D1752
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: abd587e392f251511387734458fcb3afe744c8714ec96413784a4e7d7de89e39
• Instruction ID: bd3bcfd1c64702615b129430b96bbfa8ff125283c6a5f8d40cc51f04e33ace2b
• Opcode Fuzzy Hash: abd587e392f251511387734458fcb3afe744c8714ec96413784a4e7d7de89e39
• Instruction Fuzzy Hash: F8316F75D01249EFC704EFA9C885DAEBBF9EF48304B5480AAE415E7211DB39DE45CBA0
APIs
  • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
• _wcslen.LIBCMT ref: 007ADFCB
• _wcslen.LIBCMT ref: 007ADFE2
• _wcslen.LIBCMT ref: 007AE00D
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 007AE018
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 31aeb90e23992a400ff8a349f4286f97595faf834569aeea6a6d1a16bdf52288
• Instruction ID: 99dc0f3e93268772874157b647a3062ec4861447e70c662c19b641161ceb0841
• Opcode Fuzzy Hash: 31aeb90e23992a400ff8a349f4286f97595faf834569aeea6a6d1a16bdf52288
• Instruction Fuzzy Hash: 2D21E571D00214EFCB20DFA8C982BAEB7F8EF8A750F114165E805BB245D7789E40CBA1
APIs
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• GetCursorPos.USER32(?), ref: 007D9001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00797711,?,?,?,?,?), ref: 007D9016
• GetCursorPos.USER32(?), ref: 007D905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00797711,?,?,?), ref: 007D9094
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: fd1a35980aea97735f4074e31bc827bf7e0718e9b65db8ad5edbc92a3966a1e7
• Instruction ID: 8c8d515d3bd04a285686ae8c5465757ff2011e287328a98c3d34ba05e0303aef
• Opcode Fuzzy Hash: fd1a35980aea97735f4074e31bc827bf7e0718e9b65db8ad5edbc92a3966a1e7
• Instruction Fuzzy Hash: 7E21D131600018EFCF269F94EC58EFABBB9FF89350F148166FA0587261C3399990DB60
APIs
• GetFileAttributesW.KERNEL32(?,007DCB68), ref: 007AD2FB
• GetLastError.KERNEL32 ref: 007AD30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 007AD319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,007DCB68), ref: 007AD376
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 285655aa09da76bfd4f0c201b7fe8aa847deb218fd8078981a7bc6f30cf30123
• Instruction ID: cac222b34054dfd923be4cdb97bf41399704616baa36a46889d7bc93be04ea23
• Opcode Fuzzy Hash: 285655aa09da76bfd4f0c201b7fe8aa847deb218fd8078981a7bc6f30cf30123
• Instruction Fuzzy Hash: EC216070505202DF8B20DF28C88546EB7E8AF96364F104B1EF4AAC72A1D739DD45CB93
APIs
  • Part of subcall function 007A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 007A102A
  • Part of subcall function 007A1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 007A1036
  • Part of subcall function 007A1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1045
  • Part of subcall function 007A1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 007A104C
  • Part of subcall function 007A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007A1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 007A15BE
• _memcmp.LIBVCRUNTIME ref: 007A15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 007A1617
• HeapFree.KERNEL32(00000000), ref: 007A161E
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
                                                                                                                                                                                                                                                • API String ID: 1592001646-0
                                                                                                                                                                                                                                                • Opcode ID: 5ab34dc8b256c781e4c7ad4f9bf5377d2b1b25c14827c769300ad00f88d4e959
                                                                                                                                                                                                                                                • Instruction ID: 74c8af5d6ae393cd182cf60c6fb322b3421108bd62cdf7cc6f790887cc73db9a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ab34dc8b256c781e4c7ad4f9bf5377d2b1b25c14827c769300ad00f88d4e959
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7621B071E41109EFEF00DFA4C949BEEB7B8EF81344F498559E441AB241EB38AE04CB50
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 007D280A
                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007D2824
                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007D2832
                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 007D2840
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                                                • Opcode ID: 244015ee6c2a1b63d25bf6921c53b795eb7ea0798af735a80f5d680321fb21c1
                                                                                                                                                                                                                                                • Instruction ID: 1bf7daa9cf030a56b6caa28ef42f7f3876d99f11ff814daf690795b4ed489d70
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 244015ee6c2a1b63d25bf6921c53b795eb7ea0798af735a80f5d680321fb21c1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6421B231205111AFD7159B24C844F6AB7A5AF95324F14815AF4168B793C779FC43C790
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 007A8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,007A790A,?,000000FF,?,007A8754,00000000,?,0000001C,?,?), ref: 007A8D8C
                                                                                                                                                                                                                                                  • Part of subcall function 007A8D7D: lstrcpyW.KERNEL32(00000000,?,?,007A790A,?,000000FF,?,007A8754,00000000,?,0000001C,?,?,00000000), ref: 007A8DB2
                                                                                                                                                                                                                                                  • Part of subcall function 007A8D7D: lstrcmpiW.KERNEL32(00000000,?,007A790A,?,000000FF,?,007A8754,00000000,?,0000001C,?,?), ref: 007A8DE3
                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,007A8754,00000000,?,0000001C,?,?,00000000), ref: 007A7923
                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,007A8754,00000000,?,0000001C,?,?,00000000), ref: 007A7949
                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,007A8754,00000000,?,0000001C,?,?,00000000), ref: 007A7984
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                • String ID: cdecl
                                                                                                                                                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                • Opcode ID: 3d6549d4df42973494a572678ec7d3eff68b25a6d3af2cd3b470cf5ecd1d46c3
                                                                                                                                                                                                                                                • Instruction ID: df49f9c0dea57190a40d5bf4e0f23439a68bc8e3b62b27b5e651bdb795156aa7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d6549d4df42973494a572678ec7d3eff68b25a6d3af2cd3b470cf5ecd1d46c3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D11E93A201302ABDB155F34DC45D7B77A9FF86350B50812BF946C72A4EB799811C791
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 007D7D0B
                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 007D7D2A
                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 007D7D42
                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,007BB7AD,00000000), ref: 007D7D6B
                                                                                                                                                                                                                                                  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 847901565-0
                                                                                                                                                                                                                                                • Opcode ID: 55910123076c62d7a35551e6797202287d8b501d786e6f8cee13237f08f3741f
                                                                                                                                                                                                                                                • Instruction ID: aa81ac5fac2566658e2125f23e13e8e6b66c9f9e6864b8028b4720d8b22acf4f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55910123076c62d7a35551e6797202287d8b501d786e6f8cee13237f08f3741f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F211D231205615AFCB158F28CC08AA63BBABF45370B218326F93ADB3F0E7348950DB50
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 007D56BB
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007D56CD
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007D56D8
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 007D5816
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 455545452-0
                                                                                                                                                                                                                                                • Opcode ID: 409c9c303145b1eefe5c5dec6b9c6f91ef36f739c1f0b0b4bfc57d374a535ea4
                                                                                                                                                                                                                                                • Instruction ID: 270a4968b935d8c5ab2686655d3f0a243fd285a74cf0cd6768ed3a8aa1f4e57d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 409c9c303145b1eefe5c5dec6b9c6f91ef36f739c1f0b0b4bfc57d374a535ea4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D111D371A00608A7DF209F65CC85EEE77BCEF10760B10806BF916D6281EB78DA84CF64
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 007A1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 007A1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 007A1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 007A1A8A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 007AE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 007AE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 007AE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 007AE24D
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,0076CFF9,00000000,00000004,00000000), ref: 0076D218
• GetLastError.KERNEL32 ref: 0076D224
• __dosmaperr.LIBCMT ref: 0076D22B
• ResumeThread.KERNEL32(00000000), ref: 0076D249
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
APIs
  • Part of subcall function 00759BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00759BB2
• GetClientRect.USER32(?,?), ref: 007D9F31
• GetCursorPos.USER32(?), ref: 007D9F3B
• ScreenToClient.USER32(?,?), ref: 007D9F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 007D9F7A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0074604C
                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00746060
                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 0074606A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3970641297-0
                                                                                                                                                                                                                                                • Opcode ID: 2f67144cbb68351812ef8f2ff80f279a143fa4ce6a6a9dbdb9dea8e9ad7c5609
                                                                                                                                                                                                                                                • Instruction ID: b210e2fc66e5b8779ab8f9127d64d9775b77ac2d492b77b1a11b39a47f560501
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f67144cbb68351812ef8f2ff80f279a143fa4ce6a6a9dbdb9dea8e9ad7c5609
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5115BB2502509BFEF125FA49C44EEABB69EF097A5F044216FA1452120D73ADC60DBA1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00763B56
                                                                                                                                                                                                                                                  • Part of subcall function 00763AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00763AD2
                                                                                                                                                                                                                                                  • Part of subcall function 00763AA3: ___AdjustPointer.LIBCMT ref: 00763AED
                                                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00763B6B
                                                                                                                                                                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00763B7C
                                                                                                                                                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00763BA4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 737400349-0
                                                                                                                                                                                                                                                • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                • Instruction ID: 5421f478581db165a1cf2aedac3e9d00d5fa0bf4171199498355e0055c859eeb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F012972100149BBDF125E95CC46EEB3F6AEF49754F044014FE4966121C73AE961EBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007413C6,00000000,00000000,?,0077301A,007413C6,00000000,00000000,00000000,?,0077328B,00000006,FlsSetValue), ref: 007730A5
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0077301A,007413C6,00000000,00000000,00000000,?,0077328B,00000006,FlsSetValue,007E2290,FlsSetValue,00000000,00000364,?,00772E46), ref: 007730B1
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0077301A,007413C6,00000000,00000000,00000000,?,0077328B,00000006,FlsSetValue,007E2290,FlsSetValue,00000000), ref: 007730BF
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                                                                                                • Opcode ID: 576a45a924435cd05b5c2c944602b8367a09da6de799bd22fdae09ea76b32e1b
                                                                                                                                                                                                                                                • Instruction ID: 17580a00d9f8a9bede71bd8f7096ffdc05f90477d1b53e103c43dcaa7022a99e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 576a45a924435cd05b5c2c944602b8367a09da6de799bd22fdae09ea76b32e1b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0301F732352227ABCF314B789C459677BAAAF05BE1B20C720F90DE7180DB29D901D6E0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 007A747F
                                                                                                                                                                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 007A7497
                                                                                                                                                                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 007A74AC
                                                                                                                                                                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 007A74CA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1352324309-0
                                                                                                                                                                                                                                                • Opcode ID: ad5ea4e30a946c17090afea5794c801947ac9790beeb8ec900bfcc32a2b07792
                                                                                                                                                                                                                                                • Instruction ID: a8f1c22c0ac982af91984df23901765268818228bc9fe49947a75544125a92b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad5ea4e30a946c17090afea5794c801947ac9790beeb8ec900bfcc32a2b07792
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED11C0B120A355EFE7208F14DD08F927FFCEB89B10F10866AA616D6191D7B8E904DB60
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB0C4
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB0E9
                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB0F3
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,007AACD3,?,00008000), ref: 007AB126
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 8c8f937da0216ac971335a819a6242c9d30046f2db6371f71ccff009853fce50
• Instruction ID: f2366060823be4eb45e364a2e7a32c2253d5a6a8dea2afe89e0e68f42b88ef2d
• Opcode Fuzzy Hash: 8c8f937da0216ac971335a819a6242c9d30046f2db6371f71ccff009853fce50
• Instruction Fuzzy Hash: 8F118071C0152DE7CF00AFE4E9596EEBF78FF8A711F108196D981B2182CB389A50CB55
APIs
• GetWindowRect.USER32(?,?), ref: 007D7E33
• ScreenToClient.USER32(?,?), ref: 007D7E4B
• ScreenToClient.USER32(?,?), ref: 007D7E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 007D7E8A
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 4f67f8ec660e92dce5b9bfe050aa8170c96091da1c78d3ad6c91be400009a393
• Instruction ID: db6d4c117eec18a36e18e261be1aa1e1872d33b1d18fff69f3b5e155a73595fb
• Opcode Fuzzy Hash: 4f67f8ec660e92dce5b9bfe050aa8170c96091da1c78d3ad6c91be400009a393
• Instruction Fuzzy Hash: F31153B9D0020AAFDB41CF98C884AEEBBF9FF08310F509166E915E3210D735AA54CF94
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007A2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 007A2DD6
• GetCurrentThreadId.KERNEL32 ref: 007A2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007A2DE4
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: ce8437ca8332ca9ec82ec4a7ee3a2b4b05486ca7ccf8647b50e4bb4f9c1525fb
• Instruction ID: 14fafa77d2dbcada5e4a6cc9c0f247dc3ab8eeceacd095898ed712f5fd49c2bd
• Opcode Fuzzy Hash: ce8437ca8332ca9ec82ec4a7ee3a2b4b05486ca7ccf8647b50e4bb4f9c1525fb
• Instruction Fuzzy Hash: E9E06D71203225BADB211B669C0EEEB3F7CEF83BA1F004116B505D10829AA9C841C6B0
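The entry above is the standard Win32 sequence for hijacking another window's input: probe the target with SendMessageTimeoutW(WM_NULL, SMTO_ABORTIFHUNG, 5000 ms) so a hung thread is skipped, resolve its thread with GetWindowThreadProcessId, then AttachThreadInput the caller's queue to it so it can force focus and inject keystrokes. That chain is what backs the "simulate keystroke presses" and "block mouse and keyboard input" signatures in this report. The following is an added example, not Joe Sandbox code and not part of the report: a small parser for the report's API bullets, an ordered-chain matcher, and argument decoders for the two entries in this listing. The chain names, the constant tables, and the reading of the 0x28 value on the GetCurrentProcess line (stack residue, most plausibly the DesiredAccess for the OpenProcessToken that follows) are this example's own assumptions; the sample lines are copied verbatim from the listing.

```python
"""Parse the 'APIs' bullets of Joe Sandbox function entries and flag API chains."""
import re
from typing import Dict, List, NamedTuple, Optional


class ApiCall(NamedTuple):
    api: str                   # e.g. "AttachThreadInput"
    module: str                # e.g. "USER32"
    args: List[Optional[int]]  # recovered arguments, None where the report prints "?"
    ref: int                   # call-site address
    subcall: Optional[int]     # callee address when marked "Part of subcall function"


# One bullet per call, in the report's own layout; the argument list may be absent.
_CALL = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def _arg(token: str) -> Optional[int]:
    token = token.strip()
    return None if token in ("", "?") else int(token, 16)


def parse_api_lines(text: str) -> List[ApiCall]:
    """Return the calls of one entry in listing order; lines that are not calls are skipped."""
    calls = []
    for line in text.splitlines():
        m = _CALL.match(line)
        if not m:
            continue
        raw = m.group("args")
        calls.append(ApiCall(
            api=m.group("api"), module=m.group("mod"),
            args=[_arg(a) for a in raw.split(",")] if raw is not None else [],
            ref=int(m.group("ref"), 16),
            subcall=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


# Ordered API chains worth a second look (other calls may sit between the steps).
# Chain names and groupings are this example's own, not Joe Sandbox's signatures.
CHAINS: Dict[str, List[str]] = {
    "input-attach": ["GetWindowThreadProcessId", "GetCurrentThreadId", "AttachThreadInput"],
    "token-open": ["GetCurrentProcess", "OpenProcessToken"],
}


def has_chain(calls: List[ApiCall], chain: List[str]) -> bool:
    """True when every API in `chain` occurs, in that order, among `calls`."""
    remaining = list(chain)
    for call in calls:
        if remaining and call.api == remaining[0]:
            remaining.pop(0)
    return not remaining


def match_chains(calls: List[ApiCall]) -> List[str]:
    return [name for name, chain in CHAINS.items() if has_chain(calls, chain)]


# Win32 constants (winuser.h / winnt.h).
_SMTO = {0x1: "SMTO_BLOCK", 0x2: "SMTO_ABORTIFHUNG", 0x8: "SMTO_NOTIMEOUTIFNOTHUNG", 0x20: "SMTO_ERRORONEXIT"}
_TOKEN = {0x1: "TOKEN_ASSIGN_PRIMARY", 0x2: "TOKEN_DUPLICATE", 0x4: "TOKEN_IMPERSONATE", 0x8: "TOKEN_QUERY",
          0x10: "TOKEN_QUERY_SOURCE", 0x20: "TOKEN_ADJUST_PRIVILEGES", 0x40: "TOKEN_ADJUST_GROUPS",
          0x80: "TOKEN_ADJUST_DEFAULT", 0x100: "TOKEN_ADJUST_SESSIONID"}


def _flags(value: Optional[int], table: Dict[int, str]) -> str:
    if value is None:
        return "?"
    return "|".join(n for bit, n in table.items() if value & bit) or "0"


def describe_send_message_timeout(call: ApiCall) -> str:
    """Decode (hWnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult) as the report lists them."""
    if call.api != "SendMessageTimeoutW" or len(call.args) < 6:
        raise ValueError("not a SendMessageTimeoutW call with a recovered argument list")
    msg, flags, timeout = call.args[1], call.args[4], call.args[5]
    msg_name = "WM_NULL" if msg == 0 else ("?" if msg is None else f"0x{msg:04X}")
    return f"{msg_name}, {_flags(flags, _SMTO)}, timeout {timeout} ms"


def token_access(value: int) -> str:
    """Name the TOKEN_* bits of an OpenProcessToken/OpenThreadToken DesiredAccess value."""
    return _flags(value, _TOKEN)


# Sample input: two entries copied verbatim from this report's listing.
ATTACH_ENTRY = """
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007A2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 007A2DD6
• GetCurrentThreadId.KERNEL32 ref: 007A2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007A2DE4
"""
TOKEN_ENTRY = """
• GetCurrentThread.KERNEL32 ref: 007A1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,007A11D9), ref: 007A1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A164F
"""

if __name__ == "__main__":
    attach = parse_api_lines(ATTACH_ENTRY)
    print(match_chains(attach), "|", describe_send_message_timeout(attach[0]))
    token = parse_api_lines(TOKEN_ENTRY)
    # GetCurrentProcess takes no arguments; the 0x28 the report shows on that line is
    # stack residue, read here (an assumption) as the DesiredAccess for OpenProcessToken.
    print(match_chains(token), "|", token_access(token[2].args[0]))
```

Joe Sandbox recovers arguments from the stack at the call site, so values shown for zero-argument APIs such as GetCurrentProcess and GetCurrentThreadId are whatever the caller already pushed; treat them as hints for the next call, never as that call's parameters. The chain matcher deliberately tolerates unrelated calls between the steps, because an entry only lists the imports the function resolves, not every instruction between them.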
APIs
  • Part of subcall function 00759639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00759693
  • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596A2
  • Part of subcall function 00759639: BeginPath.GDI32(?), ref: 007596B9
  • Part of subcall function 00759639: SelectObject.GDI32(?,00000000), ref: 007596E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 007D8887
• LineTo.GDI32(?,?,?), ref: 007D8894
• EndPath.GDI32(?), ref: 007D88A4
• StrokePath.GDI32(?), ref: 007D88B2
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: c5c8b945d682c58572c37504233fa19766e5c6d96f89725b54c18e6257fa24d9
• Instruction ID: aedc319702a45f57bc19ecaf2431fa4eedf82561dbe4c872d86e09e04a00e3f0
• Opcode Fuzzy Hash: c5c8b945d682c58572c37504233fa19766e5c6d96f89725b54c18e6257fa24d9
• Instruction Fuzzy Hash: BEF03A36046259FADF135F94AC0DFCA3F69AF06311F44C002FB11651E1C7B95511DBA9
APIs
• GetSysColor.USER32(00000008), ref: 007598CC
• SetTextColor.GDI32(?,?), ref: 007598D6
• SetBkMode.GDI32(?,00000001), ref: 007598E9
• GetStockObject.GDI32(00000005), ref: 007598F1
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: de25a10d3f80293692c1646022c99d403bb6050fd26d1e475dbae42932ec0b6a
• Instruction ID: f300ecdea621f34bea2fdab5f235245da12ddcb30a02ea9bf0e05ec2ba61a505
• Opcode Fuzzy Hash: de25a10d3f80293692c1646022c99d403bb6050fd26d1e475dbae42932ec0b6a
• Instruction Fuzzy Hash: B4E06D31245295AADF225B74BC09BE83F20AB12336F14C21AF6FA580E1C37A4650DB20
APIs
• GetCurrentThread.KERNEL32 ref: 007A1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,007A11D9), ref: 007A1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A164F
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: c41235428a471ba3d217490e677ff7ffc4ed3562f14d39d63b7c1abba670aadd
• Instruction ID: ea245f34ab45fd73deba67a9d0acf97d055f1ba40b9eb4bb95f26b7f5f8cb419
• Opcode Fuzzy Hash: c41235428a471ba3d217490e677ff7ffc4ed3562f14d39d63b7c1abba670aadd
• Instruction Fuzzy Hash: 47E08631603212DBE7201FE09F0DB463B7CAF457A1F14C809F245C9080DA3C4440C758
APIs
• GetDesktopWindow.USER32 ref: 0079D858
• GetDC.USER32(00000000), ref: 0079D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0079D882
• ReleaseDC.USER32(?), ref: 0079D8A3
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 7d49196bd6a89be1a8f456a35404e6784a4e9baa17df72d47298a65d1bc01fe8
• Instruction ID: 1516180a22860a92a6652d23849e059c60dfed6464d8c632ca4d40d85c9dbe1f
• Opcode Fuzzy Hash: 7d49196bd6a89be1a8f456a35404e6784a4e9baa17df72d47298a65d1bc01fe8
• Instruction Fuzzy Hash: F4E01AB1801206DFCF529FA0D80CA6DBBB1FB08311F18C00AE806E7250C73C8945EF44
APIs
• GetDesktopWindow.USER32 ref: 0079D86C
• GetDC.USER32(00000000), ref: 0079D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0079D882
• ReleaseDC.USER32(?), ref: 0079D8A3
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 68316f924ee7f42347e695525c8c4f50ae200cc049d211640dee85bdb0d5d6e4
• Instruction ID: 9526009b90f3c7c400a5421a9e947d68b036171b166ffeb1bb7bceab06c7219f
• Opcode Fuzzy Hash: 68316f924ee7f42347e695525c8c4f50ae200cc049d211640dee85bdb0d5d6e4
• Instruction Fuzzy Hash: 00E012B1802202EFCB52AFA0D80C66DBBB1FB08311B18800AE90AE7250CB3C9905EF44
APIs
  • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 007B4ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 085de2324d34ecf4caf2c0e2af9a3be0d403a7eacdf29ac93cfddcd3b30ba139
• Instruction ID: 6bf99cdecafc1e3b71a6a8ed2ceaed1552a72251d25177182aa2b63900e97c53
• Opcode Fuzzy Hash: 085de2324d34ecf4caf2c0e2af9a3be0d403a7eacdf29ac93cfddcd3b30ba139
• Instruction Fuzzy Hash: 55912C75A00254DFCB14DF58C484FAABBF5AF44304F198099E80A9F3A2D779ED85CB91
APIs
• __startOneArgErrorHandling.LIBCMT ref: 0076E30D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: 837c759a1fe8214a45f746f7a40982fdb4437dd813fbef6d58f8505d2b4d2487
• Instruction ID: cb58a5423f1f6129e2740dd7fb4ef2721df0d594c96d95c73ff36ba44b49a4f9
• Opcode Fuzzy Hash: 837c759a1fe8214a45f746f7a40982fdb4437dd813fbef6d58f8505d2b4d2487
• Instruction Fuzzy Hash: A5516C65B0C502D6CF197714C9453793B98EB40780F34C968E8DB863E9DF3C8C95DA96
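The function summaries above are easier to triage when the API chains are pulled out of the IDA-plugin layout and the numeric arguments are decoded. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in the "APIs" / "• Name.MODULE(args), ref: ADDR" layout used on this page, resolves the GetDeviceCaps index 0xC seen at 0079D882 (BITSPIXEL, the desktop colour depth, which is what AutoIt's @DesktopDepth reads, not a DPI query), and decodes the 0x28 that the listing shows on the stack at the GetCurrentProcess call preceding OpenProcessToken (TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, the access pair a caller needs before AdjustTokenPrivileges). The sample input is a hand-copied subset of three records from this page; reading the 0x28 as the access mask of the following OpenProcessToken call is a heuristic about x86 stack layout and is labelled as such in the code.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: three of the function summaries on this page,
# copied by hand into the plugin's own "APIs" / "Similarity" layout.
SAMPLE = """\
APIs
• GetCurrentThread.KERNEL32 ref: 007A1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,007A11D9), ref: 007A1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,007A11D9), ref: 007A164F
Similarity
• API ID: CurrentOpenProcessThreadToken
APIs
• GetDesktopWindow.USER32 ref: 0079D858
• GetDC.USER32(00000000), ref: 0079D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0079D882
• ReleaseDC.USER32(?), ref: 0079D8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
APIs
  • Part of subcall function 00747620: _wcslen.LIBCMT ref: 00747625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 007B4ED4
Similarity
• API ID: Connection_wcslen
"""

# One bullet of the APIs list: optional "Part of subcall function X:" prefix,
# Name.MODULE, optional "(args)", then "ref: ADDR".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
API_ID_LINE = re.compile(r"^\s*•\s*API ID:\s*(?P<id>\S+)")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Values from wingdi.h and winnt.h (HORZRES=8, VERTRES=10, BITSPIXEL=12,
# LOGPIXELSX=88, LOGPIXELSY=90; TOKEN_* are the documented access bits).
GETDEVICECAPS_INDEX = {0x08: "HORZRES", 0x0A: "VERTRES", 0x0C: "BITSPIXEL",
                       0x58: "LOGPIXELSX", 0x5A: "LOGPIXELSY"}
TOKEN_ACCESS = {0x01: "TOKEN_ASSIGN_PRIMARY", 0x02: "TOKEN_DUPLICATE",
                0x04: "TOKEN_IMPERSONATE", 0x08: "TOKEN_QUERY",
                0x10: "TOKEN_QUERY_SOURCE", 0x20: "TOKEN_ADJUST_PRIVILEGES",
                0x40: "TOKEN_ADJUST_GROUPS", 0x80: "TOKEN_ADJUST_DEFAULT"}

@dataclass
class Call:
    name: str
    module: str
    args: List[str]
    ref: int
    subcall_of: Optional[int] = None

@dataclass
class FunctionSummary:
    calls: List[Call] = field(default_factory=list)
    api_id: str = ""

def parse_summaries(text: str) -> List[FunctionSummary]:
    """Split plugin output into one FunctionSummary per 'APIs' block."""
    summaries: List[FunctionSummary] = []
    current: Optional[FunctionSummary] = None
    in_apis = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = FunctionSummary()
            summaries.append(current)
            in_apis = True
            continue
        if current is None:
            continue
        m = API_ID_LINE.match(line)
        if m:
            current.api_id = m.group("id")
            continue
        if stripped in SECTION_HEADERS:
            in_apis = False
            continue
        m = API_LINE.match(line)
        if in_apis and m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            sub = m.group("sub")
            current.calls.append(Call(m.group("name"), m.group("module"), args,
                                      int(m.group("ref"), 16),
                                      int(sub, 16) if sub else None))
    return summaries

def decode_mask(value: int, table: dict) -> str:
    """Render a bit mask as OR-ed symbolic names, keeping unknown bits as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(hex(leftover))
    return "|".join(names) or "0"

def annotate(summary: FunctionSummary) -> List[str]:
    """Triage notes for the patterns visible in this report's records."""
    notes = []
    names = [c.name for c in summary.calls]
    if ("OpenThreadToken" in names and "OpenProcessToken" in names
            and names.index("OpenThreadToken") < names.index("OpenProcessToken")):
        notes.append("thread token first, process token as fallback: "
                     "usual prologue before AdjustTokenPrivileges")
    for c in summary.calls:
        if c.name == "GetDeviceCaps" and len(c.args) >= 2 and c.args[1] != "?":
            idx = int(c.args[1], 16)
            notes.append(f"GetDeviceCaps index 0x{idx:X} = "
                         f"{GETDEVICECAPS_INDEX.get(idx, 'unknown')}")
        # Heuristic (assumption, not something the report states): the plugin
        # prints whatever sits on the stack at the call site, so for a
        # no-argument API such as GetCurrentProcess the first slot is the
        # argument already pushed for the next call, OpenProcessToken's
        # DesiredAccess.
        if c.name == "GetCurrentProcess" and c.args and c.args[0] != "?":
            mask = int(c.args[0], 16)
            notes.append(f"access mask on stack before OpenProcessToken: "
                         f"{decode_mask(mask, TOKEN_ACCESS)}")
    return notes

if __name__ == "__main__":
    for s in parse_summaries(SAMPLE):
        print(s.api_id, "->", " -> ".join(f"{c.name}@{c.ref:08X}" for c in s.calls))
        for note in annotate(s):
            print("   ", note)
```

The same parser works on the full page once the leading whitespace and link residue are stripped; records whose "Strings" block survived can be extended by adding a second regex for the string bullets.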
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                                                • Opcode ID: 93de9d83c16110a792fe81cf3ade536931ec039d400937b885910d145bb4f0f5
                                                                                                                                                                                                                                                • Instruction ID: bb1f0d7a788ce9401c47db81732d300ec5aca5a131936a9de3810f50dfddcec4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93de9d83c16110a792fe81cf3ade536931ec039d400937b885910d145bb4f0f5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83511E31904246DFDF19DFA8D085AFA7BA8FF15310F248015EC919B280DB7C9E86CBA1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 0075F2A2
                                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 0075F2BB
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                • Opcode ID: 086d8deea8f5d9cec074b5f3c08a153bc555d75a97d8417afbe3db350bf08df1
                                                                                                                                                                                                                                                • Instruction ID: 36c3634ba28abc6eb7c9986bcde6c2e7e3d3b31fcbbfa4d34ec435a8978bc226
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 086d8deea8f5d9cec074b5f3c08a153bc555d75a97d8417afbe3db350bf08df1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15513872409744DBD320AF50D88ABABBBF8FB84300F81885DF1D9411A5EB758529CB6B
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 007C57E0
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007C57EC
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                • Opcode ID: d30c2463c484d692f22dbf314495815720a310a5c5aa22c4a0c75d72f795c3f1
                                                                                                                                                                                                                                                • Instruction ID: 07ce9b56c6971559b73b575a2d77eb296e38046ae50183de4a9a30df83118a83
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d30c2463c484d692f22dbf314495815720a310a5c5aa22c4a0c75d72f795c3f1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83417C31A00209DFCB14DFA8C885EAEBBF5EF59360F14416DF505A7291E779AD81CBA0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007BD130
                                                                                                                                                                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007BD13A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                • String ID: |
                                                                                                                                                                                                                                                • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                • Opcode ID: 22dd33926adce54be2e2732f3dfea75aa2c92442821c1e11a1dc126971fd83a3
                                                                                                                                                                                                                                                • Instruction ID: a0a43589f36bb7484c84ebe59446edb0abf77784b9266f37c103aad6ab27c420
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22dd33926adce54be2e2732f3dfea75aa2c92442821c1e11a1dc126971fd83a3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86313E71D01219EBCF15EFA4CC89AEEBFB9FF05300F004019F915A6162E739AA06DB50
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 007D3621
                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 007D365C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                • Opcode ID: 9fc0771429a4a2c60cfd5ec641d307341e9546819a3e1fca134bf90b3981ea73
                                                                                                                                                                                                                                                • Instruction ID: 221fd49197299c35f070cd0e735a01ce688c22e45b83f5c428ca48676120f0a6
• Opcode Fuzzy Hash: 9fc0771429a4a2c60cfd5ec641d307341e9546819a3e1fca134bf90b3981ea73
• Instruction Fuzzy Hash: E9318B71110604AEDB109F38DC81EFB73B9FF88720F00961AF9A597290DA39ED91D761
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 007D461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007D4634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: e71177e9116202e2a7b6b5882e7fbac28eabe9036e54a9c84256aff7f5c6360c
• Instruction ID: c5d6fc85d8bcc60e3f2db2f00e8afdf04057c289bd9c6870b524f5fbc0d3d19e
• Opcode Fuzzy Hash: e71177e9116202e2a7b6b5882e7fbac28eabe9036e54a9c84256aff7f5c6360c
• Instruction Fuzzy Hash: D6313674A0120AAFDF14CFA9D981BDABBB5FF09300F14406AE906AB381D774E951CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007D327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D3287
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 7ed2fe6a31b1fa624ad79a1325fafb95bfa8749bf3b6ef9b4ed7ec5b71dc21d6
• Instruction ID: a7afec389fed591c7841eae1139ca7ae189b57c902d55012a89e787c7e191479
• Opcode Fuzzy Hash: 7ed2fe6a31b1fa624ad79a1325fafb95bfa8749bf3b6ef9b4ed7ec5b71dc21d6
• Instruction Fuzzy Hash: A511B271B00208BFEF219F54DC85EBB3B7AFB94364F10412AF91897390D679AD518761
APIs
  • Part of subcall function 0074600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0074604C
  • Part of subcall function 0074600E: GetStockObject.GDI32(00000011), ref: 00746060
  • Part of subcall function 0074600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0074606A
• GetWindowRect.USER32(00000000,?), ref: 007D377A
• GetSysColor.USER32(00000012), ref: 007D3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 67828f638e637f8244eed2484390e5757c72353551d41986729cc8d5f0fac567
• Instruction ID: 1ebb60005155e422c50042740b487fd43f04f78f5e85490b229f4752a4ec9688
• Opcode Fuzzy Hash: 67828f638e637f8244eed2484390e5757c72353551d41986729cc8d5f0fac567
• Instruction Fuzzy Hash: 2C1129B261060AAFDF01DFA8CC46EEA7BB8FB08354F004516F955E2250D739E851DB61
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007BCD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007BCDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: d4b10dda1aece615befeff20c34a0e52bdd72a9a5afd02ca3f431930e43d110f
• Instruction ID: 849a129989ee8f8dee1fa56e969038bf23711c8cc205bfafc7c9adc0855457db
• Opcode Fuzzy Hash: d4b10dda1aece615befeff20c34a0e52bdd72a9a5afd02ca3f431930e43d110f
• Instruction Fuzzy Hash: 1711C679305632BAD7364B668C49FE7BE6CEF527A4F40822AB14983180D7789840D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 007D34AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007D34BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 4f3b6c3d793ebdee9623cd74e9fea250bbec32f1a58a729b25b8e5d0a5111f71
• Instruction ID: 4ee908437112e4d55d07285f13b0bfa99c0bb8549d3786f38351b8ae5af4a212
• Opcode Fuzzy Hash: 4f3b6c3d793ebdee9623cd74e9fea250bbec32f1a58a729b25b8e5d0a5111f71
• Instruction Fuzzy Hash: 8C116D71100148AAEB125E64EC44AFB377AEB05374F508326F961932E0C77DDC519756
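The records above are flat bullet text: per function, its resolved API calls with argument values and the address of the call site, the memory dump the code came from, and the opcode and instruction hashes used for cross-sample similarity. The Python below is an added example, not part of the Joe Sandbox report or its tooling. It parses records of exactly this shape into dictionaries, strips the "Download File" link text that web extraction leaves on the Associated lines, indexes functions by the APIs they call directly (subcall entries are kept but not indexed), and names the dwOption value 00000032 seen in the InternetSetOptionW call above: 50 is INTERNET_OPTION_CONNECTED_STATE in wininet.h, and its INTERNET_CONNECTED_INFO argument is the 8-byte buffer the call passes as its last parameter. The sample text is constructed from the records on this page; its third record is deliberately cut off before the Similarity section to show that a truncated record still parses. All function and key names are my own.

```python
"""Parse Joe Sandbox per-function text records and index them by API and hash."""
import re
from collections import defaultdict

# Constructed sample in the shape of the report's records (third one truncated).
SAMPLE = """APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007D327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007D3287
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode Fuzzy Hash: 7ed2fe6a31b1fa624ad79a1325fafb95bfa8749bf3b6ef9b4ed7ec5b71dc21d6
• Instruction Fuzzy Hash: A511B271B00208BFEF219F54DC85EBB3B7AFB94364F10412AF91897390D679AD518761
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007BCD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007BCDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• Opcode Fuzzy Hash: d4b10dda1aece615befeff20c34a0e52bdd72a9a5afd02ca3f431930e43d110f
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• CharUpperBuffW.USER32(?,?,?), ref: 007A6CB6
• _wcslen.LIBCMT ref: 007A6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
KEY_MAP = {"Source File": "source_file", "Snapshot File": "snapshot_file",
           "API ID": "api_id", "String ID": "string_id", "API String ID": "api_string_id",
           "Opcode ID": "opcode_id", "Instruction ID": "instruction_id",
           "Opcode Fuzzy Hash": "opcode_fuzzy_hash",
           "Instruction Fuzzy Hash": "instruction_fuzzy_hash"}
# "Name.MODULE(args), ref: addr" or, for CRT calls, "Name.MODULE ref: addr".
API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
                    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
WININET_OPTIONS = {0x32: "INTERNET_OPTION_CONNECTED_STATE"}  # only the value seen here


def _new_record():
    rec = {"apis": [], "strings": [], "associated": [], "offset": None}
    rec.update({v: None for v in KEY_MAP.values()})
    return rec


def parse_records(text):
    """Split report text into one dict per function; a record starts at each 'APIs' header."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # leading indentation marks subcall entries; the regex keeps that
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                rec = _new_record()
                records.append(rec)
            section = line
            continue
        if rec is None or not line.startswith("•"):
            continue  # text outside any record
        body = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                rec["apis"].append({"name": m["name"], "module": m["mod"], "ref": m["ref"],
                                    "args": m["args"].split(",") if m["args"] is not None else [],
                                    "subcall_of": m["sub"]})
        elif section == "Strings":
            rec["strings"].append(body)
        else:
            key, _, value = body.partition(":")
            key, value = key.strip(), value.strip().removesuffix("Download File").strip()
            if key == "Associated":
                rec["associated"].append(value)
            elif key in KEY_MAP:
                rec[KEY_MAP[key]] = value or None
                if key == "Source File":
                    off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", value)
                    rec["offset"] = off.group(1) if off else None
    return records


def index_by_api(records):
    """Map API name -> sorted record indexes whose function calls it directly (not via a subcall)."""
    idx = defaultdict(set)
    for i, rec in enumerate(records):
        for api in rec["apis"]:
            if api["subcall_of"] is None:
                idx[api["name"]].add(i)
    return {name: sorted(ids) for name, ids in idx.items()}


def decode_internet_set_option(api):
    """Name the dwOption (second argument) of an InternetSetOptionW call, or None if unresolved/unknown."""
    if api["name"] != "InternetSetOptionW" or len(api["args"]) < 2:
        return None
    try:
        return WININET_OPTIONS.get(int(api["args"][1], 16))
    except ValueError:  # '?' means the sandbox could not resolve the value statically
        return None


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i in index_by_api(recs).get("InternetSetOptionW", []):
        for api in recs[i]["apis"]:
            print(i, api["name"], api["args"], decode_internet_set_option(api))
```

Run the same parser over a full report saved as text to pull every function touching a given API, then pivot on the Opcode Fuzzy Hash values to find the same routines in other samples.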
APIs
  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
• CharUpperBuffW.USER32(?,?,?), ref: 007A6CB6
• _wcslen.LIBCMT ref: 007A6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                • String ID: STOP
                                                                                                                                                                                                                                                • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                • Opcode ID: df8fcecedf15b7d337e6de689bd1adaf3d7b429df5504a4ea029cad5b791571a
                                                                                                                                                                                                                                                • Instruction ID: 414259e503c7a3d01e581c6718b4be7e6ee9109b05f15ff8cbca2aa0a4bd2987
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df8fcecedf15b7d337e6de689bd1adaf3d7b429df5504a4ea029cad5b791571a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED010432700527CBCB20AFBDDC848BF73B4EFA27607050624E96292195EB39E900C660
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 007A1D4C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                • Opcode ID: 5d5631717e445543b230f9e07bc5974b7e2b06daaa1a3363fd2884be58a76e76
                                                                                                                                                                                                                                                • Instruction ID: c7807bd760a4a0fc90aaaca127921a1bd558ed3dae1d921fafd9cd236e250776
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d5631717e445543b230f9e07bc5974b7e2b06daaa1a3363fd2884be58a76e76
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B501B575741214ABDB04EBA4CC598FF7768FB87360F440B19B932673C1EB3859088671
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 007A1C46
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                • Opcode ID: 19a8393855c41fe6e30087481530670d0f5b5f345638a5f9480cea107c54e460
                                                                                                                                                                                                                                                • Instruction ID: 7362d6c8825f423686980ac9d951a96ae4ba53277631ab4f2621f95aec554da5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 19a8393855c41fe6e30087481530670d0f5b5f345638a5f9480cea107c54e460
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F01A775AC1104A6DB04EBA0CD659FF77A89B52360F540119B516772C2EB2C9E08C6B1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 007A1CC8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                • Opcode ID: ff148ffc9c1fa445536e5aaebf1be34f2189861eea2a4b0d4c7976c51c20b30d
                                                                                                                                                                                                                                                • Instruction ID: faca12215f2772ef2ba10cbaf0fc0f87d4a741d97e5bf5069ac1958174403607
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff148ffc9c1fa445536e5aaebf1be34f2189861eea2a4b0d4c7976c51c20b30d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA01D675A81118A7DF04EBA4CE55AFF77ACAB52350F540115B912B32C2EB2C9F08C6B1
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00749CB3: _wcslen.LIBCMT ref: 00749CBD
                                                                                                                                                                                                                                                  • Part of subcall function 007A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007A3CCA
                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 007A1DD3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: bc43fcd0e13ece312ea5cace18a810606a77790f2472971928d3efa970d4701f
• Instruction ID: 9d43438049d60e7d3ee7c9bad4d2f69eca8fa7cda391dd2d798e1de31774da48
• Opcode Fuzzy Hash: bc43fcd0e13ece312ea5cace18a810606a77790f2472971928d3efa970d4701f
• Instruction Fuzzy Hash: E8F0A971B41214A6D704F7A4CD55AFF777CAB42350F440A15B532632C1DB68590886B0

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: a689524278926202e18a02f667998b5aa124582683d6b475534856969a960db2
• Instruction ID: 1d837d3a3d7390614c032b351bd5f123c3c71919941c3e16a7bcd6427b7075b1
• Opcode Fuzzy Hash: a689524278926202e18a02f667998b5aa124582683d6b475534856969a960db2
• Instruction Fuzzy Hash: EBE02B0264476064A23D12799CC5F7F578ADFC5750710182FFD82D2266EE9C9E91D3A0

APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 007A0B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: 61777821aa99ee05f28da5e20bc0a5efc45dfd607bf5966e2b6b07719b42c9f4
• Instruction ID: 2f7294aff169c86f5df644dd808f185567ddfd31e6c170095983691fd524b4b9
• Opcode Fuzzy Hash: 61777821aa99ee05f28da5e20bc0a5efc45dfd607bf5966e2b6b07719b42c9f4
• Instruction Fuzzy Hash: 03E0D831344309A6D2153754BC07FC97B948F05B21F100427FB58955C38AEA285086F9

APIs
  • Part of subcall function 0075F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00760D71,?,?,?,0074100A), ref: 0075F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0074100A), ref: 00760D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0074100A), ref: 00760D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00760D7F
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: f10e6c7fd90df753855fa5b2ac844ca4aa616ae3e54bc18496b3d58070efb570
• Instruction ID: f7f406be1512178b2e2d38d468b21b67036c714fa25136b1ee27658c63a9fe0f
• Opcode Fuzzy Hash: f10e6c7fd90df753855fa5b2ac844ca4aa616ae3e54bc18496b3d58070efb570
• Instruction Fuzzy Hash: EFE039702003018BD3209FA8E8082427BF4BB04745F008A2EE882C6755DBBCE4448BE1

APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 007B302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 007B3044
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 54bd75873cda700524cf30517e088289c031d96c9debde387c7128325e1fdc52
• Instruction ID: 98d8bf34dde6ba7318b1230c56352e00062b5a892c234a571b30998bce8787ca
• Opcode Fuzzy Hash: 54bd75873cda700524cf30517e088289c031d96c9debde387c7128325e1fdc52
• Instruction Fuzzy Hash: 95D05B7150132467DA60A794AC0DFC73B7CEB04750F000252B655D60D1DAB4A544CAD4

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
• Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 0b704af06219ca7469a08e49f63ed12218d77e1e1c2d8b88023cc251bbd7a7e6
• Instruction ID: f97444d15e2826db3bc3c157ecc4d3b4efb3cef0be6f25c9ebd912a82c988033
• Opcode Fuzzy Hash: 0b704af06219ca7469a08e49f63ed12218d77e1e1c2d8b88023cc251bbd7a7e6
• Instruction Fuzzy Hash: 6AD062A5C09119E9CFB097E0ED499F9B37CFB18341F908452FD16D1180D66CDD48A761

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007D236C
• PostMessageW.USER32(00000000), ref: 007D2373
  • Part of subcall function 007AE97B: Sleep.KERNEL32 ref: 007AE9F3
Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                • Opcode ID: 23f9a23291813faf99d855216f2cea4b8ab13673096e46c2fc2b1ec69f77559b
                                                                                                                                                                                                                                                • Instruction ID: dd2b108683bae36aa1d6d813ad1bf194fe22831c56e7bb23bc9e887e070fb6fa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23f9a23291813faf99d855216f2cea4b8ab13673096e46c2fc2b1ec69f77559b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6D0C73138131176E56567709C0FFC676549745710F1086567655D51D0D9A8B411CA58
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007D232C
                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 007D233F
                                                                                                                                                                                                                                                  • Part of subcall function 007AE97B: Sleep.KERNEL32 ref: 007AE9F3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                • Opcode ID: 545b6a392603a6e6da50acac71ab3d65b867d30759b022037a4421e1bd26d477
                                                                                                                                                                                                                                                • Instruction ID: c3012cab3873228710d7ab02e47d0d1f469e023e910d96f509d9067c7c156719
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 545b6a392603a6e6da50acac71ab3d65b867d30759b022037a4421e1bd26d477
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CD0C936395311B6EAA4A770AC0FFC67A68AB40B10F108A567656AA1D0D9A8A811CA58
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0077BE93
                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0077BEA1
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0077BEFC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1829313337.0000000000741000.00000020.00000001.01000000.00000003.sdmp, Offset: 00740000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829290539.0000000000740000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829373931.0000000000802000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829426822.000000000080C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1829458159.0000000000814000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_740000_XlKQ797V2E.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1717984340-0
                                                                                                                                                                                                                                                • Opcode ID: b94c78de07722eab3fb33f515f268fa0f4e0d8e6e14f21fc0a22e2bac1957661
                                                                                                                                                                                                                                                • Instruction ID: 2846f67f3ba02a93eee46b92fd74493804d88b833b2ed448c8ab19fbc5c7d488
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b94c78de07722eab3fb33f515f268fa0f4e0d8e6e14f21fc0a22e2bac1957661
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C641F635601216EFCF218FA4CC94BBA7BA4EF41B90F14C16AF95D972A1DB388D00CB51

Execution Graph

Execution Coverage: 0.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 100%
Total number of Nodes: 6
Total number of Limit Nodes: 0

execution_graph (nodes and edges recovered from the graph dump):
• 5000: 1dfbd0cacf7
• 5001: 1dfbd0cad07 NtQuerySystemInformation
• 5002: 1dfbd0caca4
• 5003: 1dfbd0e41b2
• 5004: 1dfbd0e4209 NtQuerySystemInformation
• 5005: 1dfbd0e2584
• Edges: 5000->5001, 5001->5002, 5003->5004, 5003->5005, 5004->5005

Callgraph

APIs
Strings
Memory Dump Source
• Source File: 00000010.00000002.3013041847.000001DFBD0E2000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001DFBD0E2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_1dfbd0e2000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID: #$#$#$4$>$>$>$A$z$z
• API String ID: 3562636166-3072146587
• Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction ID: 0263d47962ef887061b95a1752dfeba4f1c6be196ccd3cb0156ee670e27b733a
• Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction Fuzzy Hash: 42A3A431A18A498BDB2DDF1CDC856E977E5FB94700F14423FD98BC7295DE34EA028682